如何通过 https 在 Laravel 5 中提供静态内容?
[英]How to serve static content in Laravel 5 over https?
问题描述
I've spent a ton of time trying to fix this but haven't had any luck so far.
我花了很多时间试图解决这个问题,但到目前为止还没有任何运气。 My app isn't loading css because of a mixed content error (The page at ' https://example.com/ ' was loaded over HTTPS, but requested an insecure stylesheet ' http://example.com/assets/css/magazine.min.css '. This request has been blocked; the content must be served over HTTPS).由于混合内容错误,我的应用程序未加载 css(“ https://example.com/ ”上的页面已通过 HTTPS 加载,但请求了不安全的样式表“ http://example.com/assets/css/” magazine.min.css '。此请求已被阻止;内容必须通过 HTTPS 提供)。 I know that I can load the assets by passing in true to the asset function but that would mean I would have to go to all the asset calls and change them.我知道我可以通过将 true 传递给资产函数来加载资产,但这意味着我必须转到所有资产调用并更改它们。 Is there a site wide setting I can configure so that it does https in production and http in local?是否有我可以配置的站点范围设置,以便它在生产中执行 https 并在本地执行 http?
Thanks谢谢
3 个解决方案
解决方案1
1 2016-05-30 11:19:40
You can create something like ForceHttps middleware and than create condition for environment inside of it, like this:您可以创建类似 ForceHttps 中间件的东西,然后为其中的环境创建条件,如下所示:
public function handle($request, Closure $next)
{
if (!\App::environment('local')) {
\URL::forceSchema('https');
}
return $next($request);
}
Than add it to some route group or globally if you want.如果需要,可以将其添加到某个路由组或全局。
NOTE: I would suggest to resolve this on your web server, not in Laravel注意:我建议在你的网络服务器上解决这个问题,而不是在 Laravel
解决方案2
0 2016-05-30 11:23:49
Just use asset() helper to generate asset's URL.只需使用asset()助手来生成资产的 URL。 It will use the current protocol.它将使用当前协议。
Do NOT force assets to be loaded by https, unless they are sensitive (which is almost never the case).不要强制通过 https 加载资产,除非它们是敏感的(几乎从来没有这种情况)。 That would be an overhead, because you usually care more of safe website content than safe assets.这将是一种开销,因为您通常更关心安全的网站内容而不是安全的资产。 In other words, if you accept loading http website, you most likely accept http assets.换句话说,如果您接受加载 http 网站,则您很可能接受 http 资产。 Instead, consider using middleware to redirect http to https on each non-safe request.相反,考虑使用中间件在每个非安全请求上将 http 重定向到 https。
This is the middleware I'm using myself:这是我自己使用的中间件:
public function handle($request, Closure $next)
{
if (!$request->secure()) {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
If you wish to use it, please remember to fire it BEFORE attaching any cookies, that is before Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse middleware.如果你想使用它,请记住在附加任何 cookie 之前触发它,即在Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse中间件之前。
解决方案3
0 2016-08-24 07:50:30
I created app/Helpers/SiteHelpers.php containing a function that overrides the default asset() function.我创建了app/Helpers/SiteHelpers.php其中包含一个覆盖默认asset()函数的函数。
<?php
/**
* Overrides the default asset() method, which generates an asset path for the application.
*
* @param string $path
* @param bool $secure
*
* @return string
*/
function asset ($path, $secure = null) {
if (Request::server('HTTP_X_FORWARDED_PROTO') == 'https' || Request::server('HTTPS') == 'on') {
$secure = TRUE;
}
return app('url')->asset($path, $secure);
}
then added it on bootstrap/autoload.php above require __DIR__.'/../vendor/autoload.php';然后将它添加到bootstrap/autoload.php上面require __DIR__.'/../vendor/autoload.php'; so it would look like below:所以它看起来像下面:
require __DIR__.'/../app/Helpers/SiteHelpers.php';
require __DIR__.'/../vendor/autoload.php';
this is flexible depending on whether you are serving your static content on http or https这很灵活,具体取决于您是在 http 还是 https 上提供静态内容
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.