After upgrading to 1.6.5, console errors on /admin/login and 405 error with login #2296
Description
Pre-work
- I have read the docs.
- I have searched open and closed issues.
- I agree to follow this project's Code of Conduct.
Description
After upgrading to v1.6.5 (docker container), I can no longer login using Mac Safari (blank page) and I get errors in Goggle Chrome. I believe the heart of the issue is speediest-tracker is trying to load assets over an insecure URL even with the ASSET_URL set to https.
My setup is (url obfuscated):
internet --https://speedtest.xxxx.net--> HA Proxy --http://strongbox.xxxx.net:1234--> speedtest
I run this in a docker container with the ASSET_URL set to https://speedtest.xxxx.net
Here is the console bug in chrome (renders):
Mixed Content: The page at 'https://speedtest.xxxx.net/admin/login' was loaded over HTTPS, but requested an insecure script 'http://speedtest.xxxx.net/vendor/livewire/livewire.min.js?id=df3a17f2'. This request has been blocked; the content must be served over HTTPS.
Here is the console in Safari (doesn't not render):
The page at https://speedtest.xxxx.net/admin contains a form which targets an insecure URL http://speedtest.xxxx.net/admin/logout.
[blocked] The page at https://speedtest.xxxx.net/admin requested insecure content from http://speedtest.xxxx.net/vendor/livewire/livewire.min.js?id=df3a17f2. This content was blocked and must be served over HTTPS.
Once I login with Chrome (since it warns and doesn't block), I get the following error:
Oops! An Error Occurred
The server returned a "405 Method Not Allowed".
Something is broken. Please let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.
It seems like the 1.6.5 update doesn't respect the https in the ASSET_URL environmental variable. I assume this is somewhere in the filament code but don't know enough php or js to trace the codepath.
I assume this is the result of the warning above about the form targeting http: instead of https:
Expected Behavior
The /admin/login page should render and then allow me into the application after username / password input
Steps to Reproduce
- Upgrade to 1.6.5
- Set
ASSET_URLas you are behind a HTTPS reverse proxy (mine in HA proxy). - Use Mac Safari or Mac Chrome to load
https://speedtest.xxxx.net/admin
Deployment Environment
Docker Run
Application Information
{
"environment": {
"application_name": "Speedtest Tracker",
"laravel_version": "12.20.0",
"php_version": "8.4.10",
"composer_version": "2.8.10",
"environment": "production",
"debug_mode": false,
"url": "speedtest.xxxx.net",
"maintenance_mode": false,
"timezone": "UTC",
"locale": "en"
},
"cache": {
"config": true,
"events": true,
"routes": true,
"views": true
},
"drivers": {
"broadcasting": "null",
"cache": "database",
"database": "sqlite",
"logs": "stderr",
"mail": "log",
"queue": "database",
"session": "database"
},
"storage": {
"\\/app\\/www\\/public\\/storage": false
},
"filament": {
"version": "v3.3.31",
"packages": "filament, forms, notifications, support, tables",
"views": "NOT PUBLISHED",
"blade_icons": "CACHED",
"panel_components": "CACHED"
},
"livewire": {
"livewire": "v3.6.4"
},
"speedtest_tracker": {
"version": "v1.6.5"
}
}What browser(s) are you seeing the problem on?
Safari and Chrome
Logs
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
───────────────────────────────────────
██╗ ███████╗██╗ ██████╗
██║ ██╔════╝██║██╔═══██╗
██║ ███████╗██║██║ ██║
██║ ╚════██║██║██║ ██║
███████╗███████║██║╚██████╔╝
╚══════╝╚══════╝╚═╝ ╚═════╝
Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
speedtest-tracker: https://github.com/sponsors/alexjustesen
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 1000
User GID: 10
───────────────────────────────────────
Linuxserver.io version: v1.6.5-ls102
Build-date: 2025-07-26T21:28:11+00:00
───────────────────────────────────────
using keys found in /config/keys
**** The following active confs have different version dates than the samples that are shipped. ****
**** This may be due to user customization or an update to the samples. ****
**** You should compare the following files to the samples in the same folder and update them. ****
**** Use the link at the top of the file to view the changelog. ****
┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐
│ old date │ new date │ path │
├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤
│ 2024-12-17 │ 2025-05-31 │ /config/nginx/nginx.conf │
│ 2024-07-16 │ 2025-05-31 │ /config/nginx/site-confs/default.conf │
│ 2024-12-06 │ 2025-07-18 │ /config/nginx/ssl.conf │
└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘
[custom-init] No custom files found, skipping...
crond[278]: crond (busybox 1.37.0) started, log level 5
crond[278]: user:root entry:*/15 * * * * run-parts /etc/periodic/15min
crond[278]: user:root entry:0 * * * * run-parts /etc/periodic/hourly
crond[278]: user:root entry:0 2 * * * run-parts /etc/periodic/daily
crond[278]: user:root entry:0 3 * * 6 run-parts /etc/periodic/weekly
crond[278]: user:root entry:0 5 1 * * run-parts /etc/periodic/monthly
crond[278]: user:abc entry:* * * * * /usr/bin/php /app/www/artisan schedule:run -q
[ls.io-init] done.
[27-Jul-2025 16:46:28] NOTICE: fpm is running, pid 276
[27-Jul-2025 16:46:28] NOTICE: ready to handle connections
crond[278]: user:root entry:*/15****run-parts /etc/periodic/15min
crond[278]: user:root entry:0****run-parts /etc/periodic/hourly
crond[278]: user:root entry:02***run-parts /etc/periodic/daily
crond[278]: user:root entry:03**6run-parts /etc/periodic/weekly
crond[278]: user:root entry:051**run-parts /etc/periodic/monthly