Trusted Proxies doesn't seem to work with these headers

[MartinHughes-BPC]

Hello,

I'm attempting to setup Trusted Proxies so Laravel understands it needs to create https links when responding to requests. However this doesn't appear to be working as I'm still getting http links in some circumstances. I've poked around a bit and I think it might be to do with the headers the reverse proxy sends. These are:

X-Forwarded-For
X-Forwarded-Host
X-Forwarded-Server

In the Symfony docs (and in the TrustedProxies middleware file) it looks as if you OR together a set or bit patterns to instruct it which headers to inspect. I can find a bit pattern for X-Forwarded-For and X-Forwarded-Host, but not for X-Forwarded-Server. I may be wrong, but I think Laravel/Symfony is ignoring these because it can't match all three headers. (I've tried just For and Host and that didn't work).

Does anybody have an ideas about how get this working with these headers? I've set the trusted proxies to "*".

I have tried setting the forceScheme to https, however this causes email verification to fail with an invalid signature (which set me off on this merry chase to begin with).

Any help appreciated.

Cheers,
Martin.

[MartinHughes-BPC]

Ok, I was on the right track - it was all to do with the X-Forwarded headers.

If you want this to work out of the box, you must ensure that your reverse proxy, load balancer, or whatever, is sending headers Laravel/Symfony is expecting. I already had X-Forwarded-For and X-Forwarded-Host, but needed to add X-Forwarded-Proto and X-Forwarded-Port. I actually cheated and added these by enabling mod_headers in apache and appending these with default values in the vhost. I will be getting the IT lads to add these in whatever-we-use-that-does-this-stuff thingy.

I've also removed forceScheme and all is working well.