Fixing Mixed Content Error

January 23, 2025 · AI Conversations

User
Mixed Content: The page at 'https://shareyourthoughts.ddev.site/' was loaded over HTTPS, but requested an insecure script 'http://0.0.0.0:5173/@vite/client'. This request has been blocked; the content must be served over HTTPS.
ddev ssh
laravel vue
give above error
Assistant
The error occurs because your development environment is trying to load resources (in this case, Vite's client script) over HTTP while the page itself is served over HTTPS, which leads to a mixed content issue. Since you're using DDEV, here's how you can fix the issue:

### Solution:

1. **Configure Vite to use HTTPS**:
You need to tell Vite to serve assets over HTTPS. In your `vite.config.js` file, add or modify the `server` configuration:

export default {
     server: {
       https: true,
       host: '0.0.0.0', // This allows access from other devices in your local network.
       port: 5173, // This matches the port you're using.
     },
   };

2. **Ensure DDEV uses HTTPS**:
DDEV should already be serving your app over HTTPS by default, but to be sure, you can check the configuration in the `ddev` configuration directory. Inside your project directory, run:

ddev describe

Verify that your app's URL is using HTTPS.

3. **Proxy Configuration (Optional)**:
If you are using Vite in development mode (on `localhost:5173` or `0.0.0.0:5173`), you might need to proxy the requests to ensure that the frontend assets are served over HTTPS in the DDEV environment. In the DDEV configuration, you can specify a proxy to forward requests from `http://0.0.0.0:5173` to an HTTPS endpoint.

4. **Restart DDEV**:
After making these changes, restart DDEV to apply the configuration:

ddev restart

This should resolve the mixed content issue by ensuring all resources are served over HTTPS.

User
import { defineConfig } from 'vite';
import laravel from 'laravel-vite-plugin';
import vue from '@vitejs/plugin-vue';

export default defineConfig({
plugins: [
laravel({
input: ['resources/js/app.js', 'resources/js/app-backend.js'],
refresh: true,
}),
vue({
template: {
transformAssetUrls: {
base: null,
includeAbsolute: false,
},
},
}),
],
server: {
host: '0.0.0.0', // Allows access from the Docker container
port: 5173, // Port Vite listens on
strictPort: true,
https: true, // Ensure Vite serves over HTTPS
watch: {
usePolling: true, // Add polling
interval: 1000,
ignored: ['**/node_modules/**', '**/.git/**', '**/storage/**', '**/vendor/**', '**/public/**'],
},
hmr: {
host: '0.0.0.0', // For Windows/Mac, use 'host.docker.internal'
port: 5173,
protocol: 'https', // Ensure HMR uses HTTPS
clientPort: 5173,
},
},
});
above is the vite config

Assistant
Your Vite config looks good, but there are a few things you might want to check to ensure everything works correctly in your DDEV environment.

Here’s what you can try:

### 1. **Update the `VITE_*` Environment Variables**:
You should ensure that the `VITE_*` environment variables (like `VITE_SERVER_URL`) are set correctly to match the HTTPS URL of your DDEV environment. In your `.env` file, set the relevant variables:

VITE_SERVER_URL=https://shareyourthoughts.ddev.site

Then, in your `vite.config.js`, use this variable to set the `base`:

base: process.env.VITE_SERVER_URL || '/',

### 2. **Use a Valid HTTPS Certificate**:
When you enable `https: true` in Vite, ensure that the certificates are valid. DDEV should handle HTTPS certificates automatically, but if you face any certificate issues, you can provide your own certificate using the `cert` and `key` options:

server: {
     https: {
       cert: './path-to-cert/cert.pem', // Update with actual path if necessary
       key: './path-to-cert/key.pem',
     },
     ...
   }

If using the default DDEV setup, DDEV should handle this for you, so you typically don’t need to manually configure certificates.

### 3. **Check for CORS Issues**:
If Vite is still loading resources over HTTP, make sure CORS is not interfering with the requests. You can add the `cors` option to your Vite config:

server: {
     cors: true, // This allows all domains
     ...
   }

However, for a more restrictive approach, only allow the domain where your frontend is hosted:

server: {
     cors: {
       origin: 'https://shareyourthoughts.ddev.site',
     },
     ...
   }

### 4. **Ensure Docker Container Networking is Correct**:
Since you're using DDEV with Docker, make sure that the container can properly reach the `localhost` or `0.0.0.0` address from inside the container. For Docker on DDEV, `localhost` or `0.0.0.0` should work fine, but double-check that DDEV is correctly exposing the ports.

If you continue to see issues, try adding a `clientPort` for HMR:

hmr: {
     host: '0.0.0.0',
     port: 5173,
     protocol: 'https',
     clientPort: 5173, // Make sure clientPort is properly set
   }

### 5. **Check Network Configuration**:
Make sure that DDEV is correctly handling HTTPS traffic. Sometimes, the browser might still try to load assets over HTTP due to cached assets or incorrect configuration.

### 6. **Restart DDEV**:
After making these changes, restart DDEV to apply the updated configuration:

ddev restart

If everything is configured properly, Vite should now serve the assets over HTTPS, and you shouldn’t get the mixed content error anymore. Let me know if you face any issues!

User
generate file
Assistant
I have generated the `vite.config.js` file with the configuration you provided. You can download it using the link below:

[vite.config.js](sandbox:/mnt/data/vite.config.js)

Leave a Comment

Your email address will not be published. Required fields are marked *