How do I scan my entire Laravel site for mixed content without manual URL input?

Use the `MixedContentScanner` with a crawler like Laravel’s `UrlScanner` or a custom route collector. Loop through all routes or sitemap URLs, then pass each to `$scanner->scan(url)`. For large sites, queue scans with Laravel’s queue system to avoid timeouts.

Can this package block deployments if mixed content is found in CI/CD (e.g., GitHub Actions)?

Yes. Integrate the scanner into your CI pipeline by running it as a pre-deployment check. Use a custom `MixedContentLogger` to throw an exception or exit with a non-zero status if critical issues are found, then fail the build.

Does this work with Laravel’s built-in HTTP client or do I need Guzzle?

The package is HTTP client agnostic. Use Laravel’s `Http` facade for consistency (e.g., `Http::get($url)`). Guzzle or Symfony’s HTTP client also work if you prefer. The scanner only needs the raw HTML response.

How do I handle false positives, like analytics scripts or ads that intentionally use HTTP?

Extend `MixedContentLogger` and override `logMixedContentFound()` to filter known safe domains (e.g., `google-analytics.com`). Alternatively, whitelist URLs in a config array before scanning. Test edge cases like redirects or CDN-hosted assets.

What Laravel versions and PHP requirements does this package support?

Officially tested on Laravel 8+ with PHP 7.4+. Laravel 7 may work with minor adjustments (e.g., service provider syntax). Check the [GitHub repo](https://github.com/spatie/mixed-content-scanner) for version-specific notes. No PHP 8.0+ breaking changes exist.

How often should I run mixed content scans in production? Daily? On deploy?

Run scans **pre-deployment** in staging to catch regressions. Schedule **weekly or monthly** scans in production via Laravel’s scheduler (`schedule->command('scan:mixed-content')->weekly()`). For high-traffic sites, use queues to avoid performance impact.

Can I customize where mixed content findings are logged (e.g., Slack, database, Sentry)?

Yes. Implement the `MixedContentLogger` interface and define methods like `logMixedContentFound()`. Example: Log to Slack by sending a webhook in the method. For databases, use Eloquent or Laravel’s query builder. Combine with `MixedContentFound` events for event-driven alerts.

Will this package slow down my Laravel app if scanning thousands of pages?

Scanning large sites can be resource-intensive. Mitigate this by **queueing scans** (wrap in a job) or **rate-limiting requests**. Use Laravel’s `throttle` middleware for HTTP calls. For parallel processing, leverage `pestle/parallel` or Laravel’s `parallel:for` (Laravel 10+).

Is there a CLI tool to scan mixed content without coding?

Yes. Spatie offers a companion package, [`spatie/mixed-content-scanner-cli`](https://github.com/spatie/mixed-content-scanner-cli), which provides a command-line interface. Install it separately (`composer require spatie/mixed-content-scanner-cli`) and run `mixed-content-scanner scan https://example.com`.

How do I integrate this with Laravel’s event system (e.g., trigger scans on HTTP responses)?

Listen for `HttpResponse` events in `EventServiceProvider`. Register a listener to scan the response URL: `event(new HttpResponse($request, $response));`. Use the scanner in the listener: `$scanner->scan($request->url())`. For async processing, dispatch a queued job instead.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Mixed Content Scanner Laravel Package

spatie/mixed-content-scanner

Scan a website for mixed content by crawling pages and flagging insecure http:// resources in common HTML tags (img, script, iframe, link, etc.). Use MixedContentScanner with a logger to report where mixed content is found or missing.

View on GitHub

Deep Wiki

Context7

Scan a HTTPS-site for mixed content

Frequently asked questions about Mixed Content Scanner

How do I scan my entire Laravel site for mixed content without manual URL input?: Use the `MixedContentScanner` with a crawler like Laravel’s `UrlScanner` or a custom route collector. Loop through all routes or sitemap URLs, then pass each to `$scanner->scan(url)`. For large sites, queue scans with Laravel’s queue system to avoid timeouts.
Can this package block deployments if mixed content is found in CI/CD (e.g., GitHub Actions)?: Yes. Integrate the scanner into your CI pipeline by running it as a pre-deployment check. Use a custom `MixedContentLogger` to throw an exception or exit with a non-zero status if critical issues are found, then fail the build.
Does this work with Laravel’s built-in HTTP client or do I need Guzzle?: The package is HTTP client agnostic. Use Laravel’s `Http` facade for consistency (e.g., `Http::get($url)`). Guzzle or Symfony’s HTTP client also work if you prefer. The scanner only needs the raw HTML response.
How do I handle false positives, like analytics scripts or ads that intentionally use HTTP?: Extend `MixedContentLogger` and override `logMixedContentFound()` to filter known safe domains (e.g., `google-analytics.com`). Alternatively, whitelist URLs in a config array before scanning. Test edge cases like redirects or CDN-hosted assets.
What Laravel versions and PHP requirements does this package support?: Officially tested on Laravel 8+ with PHP 7.4+. Laravel 7 may work with minor adjustments (e.g., service provider syntax). Check the [GitHub repo](https://github.com/spatie/mixed-content-scanner) for version-specific notes. No PHP 8.0+ breaking changes exist.
How often should I run mixed content scans in production? Daily? On deploy?: Run scans **pre-deployment** in staging to catch regressions. Schedule **weekly or monthly** scans in production via Laravel’s scheduler (`schedule->command('scan:mixed-content')->weekly()`). For high-traffic sites, use queues to avoid performance impact.
Can I customize where mixed content findings are logged (e.g., Slack, database, Sentry)?: Yes. Implement the `MixedContentLogger` interface and define methods like `logMixedContentFound()`. Example: Log to Slack by sending a webhook in the method. For databases, use Eloquent or Laravel’s query builder. Combine with `MixedContentFound` events for event-driven alerts.
Will this package slow down my Laravel app if scanning thousands of pages?: Scanning large sites can be resource-intensive. Mitigate this by **queueing scans** (wrap in a job) or **rate-limiting requests**. Use Laravel’s `throttle` middleware for HTTP calls. For parallel processing, leverage `pestle/parallel` or Laravel’s `parallel:for` (Laravel 10+).
Is there a CLI tool to scan mixed content without coding?: Yes. Spatie offers a companion package, [`spatie/mixed-content-scanner-cli`](https://github.com/spatie/mixed-content-scanner-cli), which provides a command-line interface. Install it separately (`composer require spatie/mixed-content-scanner-cli`) and run `mixed-content-scanner scan https://example.com`.
How do I integrate this with Laravel’s event system (e.g., trigger scans on HTTP responses)?: Listen for `HttpResponse` events in `EventServiceProvider`. Register a listener to scan the response URL: `event(new HttpResponse($request, $response));`. Use the scanner in the listener: `$scanner->scan($request->url())`. For async processing, dispatch a queued job instead.

View on GitHub

Stars

104

Favorites

105

Forks

Score

30.1

License

MIT

Last release

Jun 4, 2023

Watchers

Downloads

1K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport