Laravel serving assets insecurely with AWS

This is an easy gotcha. If you're using AWS you need to change your config. It's very simple and, as usual, Laravel's documentation has the solution. You can read more here:

https://laravel.com/docs/5.6/requests#configuring-trusted-proxies

enter image description here

All I had to do (as an AWS Elastic Beanstalk user) was edit app/Http/Middleware/TrustProxies.php:

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var array
     */
    protected $proxies = '*';

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB;
}

Now everything is fine. Easy to miss when setting up a new project.