heroku-deployed application not secure

Question

I have a deployed heroku app, https://myapp.herokuapp.com/, to which I want to link my custom domain, myapp.com, from namecheap. So I did the following:

1. Add myapp.com as a domain in heroku settings.

2. Add a CNAME record for my deployed heroku app in namecheap:

Type: CNAME Record, Host: @, Value: myapp.herokuapp.com., TTL: 1 min

At this point, my app worked at myapp.com. The problem is, the connection was not secure - the app ran at http://myapp.com/. I noticed that you need a paid heroku account to use their SSL services, so I upgraded my account to Hobby. I then configured the SSL to "automatic", and refreshed domain status. Heroku thereby changed to

Your app can be found at https://myapp.com

The problem is, when I click on the link heroku gave me, chrome redirects me to a warning page, saying my connection is not secure

and that the heroku ssl certificate is invalid. Why does this happen? Is it a problem with heroku or with my namecheap domain?

My full namecheap DNS records for reference:

Type: CNAME Record, Host: @, Value: myapp.herokuapp.com., TTL: 1 min

Type: CNAME Record, Host: www, Value: myapp.herokuapp.com., TTL: 1 min

Type: URL Redirect Record, Host: @, Value: https://www.myapp.com., unmasked

Answer 1

The issue is https.

You have to force the files to be loaded via https on production.

Using php laravel, in your AppServiceProvider, add the following to the boot method

public function boot() 
{
    if ($this->app->environment('production')) {
        URL::forceScheme('https');
    }
}