SSL detection: add support for X-Forwarded-Proto

Duplicates #332 See: - RFC 7239 - Forwarded HTTP Extension http://www.ietf.org/rfc/rfc7239.txt - RFC 6238 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols http://www.ietf.org/rfc/rfc6648.txt - StackOverflow - Custom HTTP headers: naming conventions http://stackoverflow.com/a/3561399
2015-09-01 13:37:04 +02:00 · 2015-09-01 13:37:04 +02:00 · 7b114771d3
commit 7b114771d3
parent ce47a75864
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -463,7 +463,7 @@ function ban_canLogin()
 // You can append $_SERVER['SCRIPT_NAME'] to get the current script URL.
 function serverUrl()
 {
-    $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
+    $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443' || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); // HTTPS detection.
    $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
    return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport;
 }