Did you know Laravel's URL validator lets you control which protocols you accept?
My recommendation is to require HTTPS-only if possible, or limit it to only HTTP and HTTPS if you don't need special links.
securinglaravel.com/security-tip-validating-secure-urls
