I am hosting a website at https://website.com When a user logs in, there are many network calls using javascript (VueJS/axios) to get their data. That network calls all use the path https://website.com/api/{path}.

In the network tab on the browsers (Chrome and Safari), the network calls are actually being sent to http://website.com/api/{path} and I don't know why. My http -> https then kicks in and redirects (301). When the redirect happens, the authorization header is lost and the network calls fail (unauthenticated).

I think this likely has to do with my AWS configuration. I am hosting the site using EC2. I use the typical elastic load balancer http -> https redirection. So the server itself is hosted on port 80 but the load balancer is terminating at 443. The load balancer port 80 redirects to port 443.

Any advice would be amazing. I've been stumped on this for days. Chrome is smart enough to keep the Authorization headers (but still 301 redirect). Safari requests completely fail.

This is a PHP Laravel application