From 138cf3566bff19e97b00bbc07b6db7de1c47477b Mon Sep 17 00:00:00 2001
From: Ahmed Darrazi
Date: Thu, 18 Dec 2025 15:35:51 +0100
Subject: [PATCH] Fix mixed content by trusting proxy HTTPS

---
 app/Providers/AppServiceProvider.php | 19 +++----------------
 bootstrap/app.php | 4 ++++
 2 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 6d7ff008..3a9ec91c 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -66,22 +66,9 @@ class AppServiceProvider extends ServiceProvider
 return env('FRONTEND_URL') . '/reset-password?token=' . $token . '&email=' . $user->email;
 });
 
- // Trust proxies when running behind a reverse proxy (e.g., Docker, nginx)
- // This allows Laravel to correctly detect HTTPS when behind a proxy
- if (config('app.env') !== 'local' || request()->hasHeader('X-Forwarded-Proto')) {
- request()->setTrustedProxies(
- ['*'],
- \Illuminate\Http\Request::HEADER_X_FORWARDED_FOR |
- \Illuminate\Http\Request::HEADER_X_FORWARDED_HOST |
- \Illuminate\Http\Request::HEADER_X_FORWARDED_PORT |
- \Illuminate\Http\Request::HEADER_X_FORWARDED_PROTO |
- \Illuminate\Http\Request::HEADER_X_FORWARDED_PREFIX
- );
- }
-
- // Force HTTPS scheme for URLs when accessed via HTTPS
- // This ensures assets load with the correct protocol
- if (request()->header('X-Forwarded-Proto') === 'https' || request()->secure()) {
+ // Force HTTPS URLs in non-local envs to avoid mixed-content issues when TLS is terminated
+ // in front of the app container (e.g. Dokploy/Traefik).
+ if (!$this->app->runningInConsole() && !$this->app->environment('local')) {
 URL::forceScheme('https');
 }
 }
diff --git a/bootstrap/app.php b/bootstrap/app.php
index 040f4218..17dd896f 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
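Review bot: The `!$this->app->runningInConsole()` guard on the new `URL::forceScheme('https')` condition means URLs built in console contexts (presumably queue workers and scheduled commands) are not forced to HTTPS and take their scheme from the configured application URL instead. Links in queued mails can therefore still come out as http in a deployed environment unless that setting is already https. The comment above the condition should state this dependency, for example `// Console-generated URLs are not forced; APP_URL must be https in deployed environments.` The enclosing method starts above the hunk. Separately, the context line that builds the reset link concatenates `$user->email` without `urlencode()`, so an address containing `+` or `&` will not survive the query string; that is outside this change but worth a follow-up.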
@@ -44,6 +44,10 @@ return Application::configure(basePath: dirname(__DIR__))
 \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
 ]);
 
+ // Trust reverse proxy headers (X-Forwarded-Proto, etc.) so Laravel generates HTTPS URLs
+ // correctly when TLS is terminated in front of the container (e.g. Dokploy/Traefik).
+ $middleware->trustProxies(at: '*');
+
 $middleware->encryptCookies(except: ['appearance']);
 
 $middleware->web(append: [
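Review bot: `trustProxies(at: '*')` accepts X-Forwarded-* headers from any peer, so the client IP, host and scheme the application sees are only as reliable as the container's network isolation. If the app port is reachable other than through Traefik, a client can supply those headers itself, which undermines IP-based throttling, audit logs and `secure()` detection. Prefer pinning the trusted source to the proxy's address range, e.g. `$middleware->trustProxies(at: ['<proxy-network-CIDR>']);` (placeholder, to be filled with the Dokploy/Traefik network), and pass `headers:` with only the forwarded headers the proxy actually sets. If the wildcard is kept, the comment should record the assumption: `// Safe only while the container is reachable exclusively through the reverse proxy.` The enclosing middleware callback starts and ends outside the hunk.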