Description

Currently Laravel has two helpers for generating asset URLs, namely asset and secure_asset. The app is currently relying on asset() which is the default and most preferable one since it doesn't hard enforce HTTPS on local development and testing scenarios where usually HTTPS is not required or even undesired.

Problem

When working with a reverse proxy serving the app over HTTPS while requesting it internally through HTTP, the asset URLs are generated with HTTP scheme regardless of APP_URL being set to a URL explicitly stating HTTPS.

It looks like a default Laravel behavior even to the latest versions, so Goodwork is behaving as expected.

Solution

Make the app take an optional environment value as to what application protocol should be used, or whether to enforce HTTPS or not. Also it would be desirable to have an HTTP fallback in case the value is not set for whatever reason so that the application would be minimally functional OOB for scenarios where HTTPS enforcing is not a requirement.