From 7fa8b75b29b9ac02ba686049c0da4cddbfbecd23 Mon Sep 17 00:00:00 2001
From: Jp <jp.aleviado@raksoct.com>
Date: Wed, 11 Feb 2026 05:37:54 +0800
Subject: [PATCH] fix: enforce HTTPS in production environment

Add URL::forceScheme('https') in AppServiceProvider to ensure all generated URLs use HTTPS when the application is in production. This improves security by enforcing secure connections.
---
 app/Providers/AppServiceProvider.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 3e3cc91..ee10dae 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -4,6 +4,7 @@ namespace App\Providers;
 
 use App\Policies\RolePolicy;
 use Illuminate\Support\Facades\Gate;
+use Illuminate\Support\Facades\URL;
 use Illuminate\Support\ServiceProvider;
 use Spatie\Permission\Models\Role;
 
@@ -22,6 +23,10 @@ class AppServiceProvider extends ServiceProvider
      */
     public function boot(): void
     {
+        if ($this->app->environment('production')) {
+            URL::forceScheme('https');
+        }
+
         Gate::before(function ($user, $ability) {
             return $user->hasRole('super_admin') ? true : null;
         });
-- 
2.49.1