From 6ac626191aa7b4e60226bad7c5404088811c3156 Mon Sep 17 00:00:00 2001
From: Dwindi Ramadhana <dwindown@DwMacMiniM4.local>
Date: Sat, 14 Feb 2026 19:27:32 +0700
Subject: [PATCH] fix: trust proxy headers for secure URL generation

---
 app/bootstrap/app.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/bootstrap/app.php b/app/bootstrap/app.php
index 964c6a1..c53ed79 100644
--- a/app/bootstrap/app.php
+++ b/app/bootstrap/app.php
@@ -4,6 +4,7 @@ use App\Http\Middleware\CanonicalPathMiddleware;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
+use Illuminate\Http\Request;
 
 return Application::configure(basePath: dirname(__DIR__))
     ->withRouting(
@@ -17,6 +18,13 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware): void {
+        // Respect reverse-proxy forwarded headers (Coolify/Nginx) so generated URLs keep HTTPS.
+        $middleware->trustProxies(at: '*', headers: Request::HEADER_X_FORWARDED_FOR
+            | Request::HEADER_X_FORWARDED_HOST
+            | Request::HEADER_X_FORWARDED_PORT
+            | Request::HEADER_X_FORWARDED_PROTO
+            | Request::HEADER_X_FORWARDED_AWS_ELB);
+
         $middleware->web(append: [
             CanonicalPathMiddleware::class,
         ]);