修复 HTTPS 资源链接生成

tests/Feature/SecurityHardeningTest.php

@@ -17,6 +17,7 @@ use App\Events\BannerNotification;
 use App\Http\Controllers\Admin\BannerBroadcastController;
 use App\Http\Middleware\CloudflareProxies;
 use App\Models\User;
+use App\Providers\AppServiceProvider;
 use App\Providers\HorizonServiceProvider;
 use Illuminate\Broadcasting\PendingBroadcast;
 use Illuminate\Contracts\Broadcasting\Factory as BroadcastFactory;
@@ -24,6 +25,7 @@ use Illuminate\Foundation\Http\Middleware\ValidateCsrfToken;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\RateLimiter;
+use Illuminate\Support\Facades\URL;
 use Tests\TestCase;
 
 /**
@@ -31,6 +33,16 @@ use Tests\TestCase;
  */
 class SecurityHardeningTest extends TestCase
 {
+    /**
+     * 每个测试后重置 URL 生成器的强制协议，避免污染后续用例。
+     */
+    protected function tearDown(): void
+    {
+        URL::forceScheme(null);
+
+        parent::tearDown();
+    }
+
     /**
      * 验证只有来自可信代理的请求才允许采用透传客户端 IP。
      */
@@ -169,6 +181,19 @@ class SecurityHardeningTest extends TestCase
         $this->assertFalse(Gate::forUser($revokedManager)->allows('viewHorizon'));
     }
 
+    /**
+     * 验证开启强制 HTTPS 配置后，应用生成的资源链接会统一使用 https。
+     */
+    public function test_app_force_https_makes_generated_asset_urls_use_https(): void
+    {
+        config()->set('app.force_https', true);
+
+        $provider = new AppServiceProvider($this->app);
+        $provider->boot();
+
+        $this->assertStringStartsWith('https://', url('/build/assets/app.css'));
+    }
+
     /**
      * 验证前台登录入口在命中限流后会直接返回 429。
      */