Samuel Iheadindu
Software Engineer. Web Developer. Systems Analyst
Laravel: This form is not secure
A solution to the common Laravel form security issue when working with nginx reverse proxy and SSL certificates.
This form is not secure, autofill has been turned off
Have you ever been frustrated with the the situation in the topic above? In my case, we have an nginx reverse proxy with ssl certificate which has configuration that points to each internal application exposed through the reverse proxy. The ssl certificate of the reverse proxy ought to cover for all the applications exposed through it, so that we don’t need to generate ssl certificate for each application.
Here is a simple solution in laravel! Locate your AppServiceProvider in the folder path: /apps/Providers/AppServiceProvider.php
In the boot method of the app service provider, paste the following code:
if($this->app->environment('production')) {
\URL::forceScheme('https');
}Save your code and exit
Open your .env file and make sure that APP_ENV variable is set to production APP_ENV=production
With this, your application should force your code to use the ssl certificate of the reverse proxy.
NOTE: The nginx reverse proxy server should be using wildcard ssl certificate for this whole setting to work properly.