From 8a34aae312d9ce59ed8c632bb370761ca1b31359 Mon Sep 17 00:00:00 2001
From: sky121113 <sky121113@gmail.com>
Date: Mon, 2 Feb 2026 14:51:27 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=BC=B7=E5=88=B6=E6=87=89=E7=94=A8?=
 =?UTF-8?q?=E5=B1=A4=20HTTPS=20(=E8=A7=A3=E6=B1=BA=20Mixed=20Content=20?=
 =?UTF-8?q?=E5=88=86=E9=A0=81=E5=95=8F=E9=A1=8C)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Providers/AppServiceProvider.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 4ef0c87..d772b95 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -18,9 +18,17 @@ class AppServiceProvider extends ServiceProvider
 
     public function boot(): void
     {
-        // 如果是在正式環境或 APP_URL 是 https，強制轉為 https
-        if ($this->app->environment('production') || str_contains(config('app.url'), 'https')) {
+        // 強制 HTTPS 檢測邏輯 (包含 Cloudflare/Load Balancer 支援)
+        $isHttps = $this->app->environment('production') 
+            || str_contains(config('app.url'), 'https')
+            || request()->header('x-forwarded-proto') === 'https'
+            || request()->server('HTTPS') === 'on';
+
+        if ($isHttps) {
             URL::forceScheme('https');
+            
+            // 強制讓 Request 物件認為自己是安全連線 (解決 Paginator 或 Request::secure() 判斷問題)
+            request()->server->set('HTTPS', 'on');
         }
 
         // 隱含授權：讓 "super-admin" 角色擁有所有權限