[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https

PHPBB3-14481
author: Marc Alexander <admin@m-a-styles.de> 2016-02-15 21:40:52 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2016-02-15 22:06:25 +0100
commit: accf8f8625ca1c730ee0bb09e1ecc44526c124d3 (patch)
tree: d99ca148a268002187c1637e8762fcdef9e45c21 /phpBB/phpbb/request/request.php
parent: 17e21d5140ccb99363a32bd64c32af6012c1ce97 (diff)
download: forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar
forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.gz
forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.bz2
forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.xz
forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php
index 56ce3999ed..4cac6fbaea 100644
--- a/phpBB/phpbb/request/request.php
+++ b/phpBB/phpbb/request/request.php
@@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface
 	*/
 	public function is_secure()
 	{
-		return $this->server('HTTPS') == 'on';
+		$https = $this->server('HTTPS');
+		$https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https;
+		return !empty($https) && $https !== 'off';
 	}
 
 	/**
author	Marc Alexander <admin@m-a-styles.de>	2016-02-15 21:40:52 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2016-02-15 22:06:25 +0100
commit	accf8f8625ca1c730ee0bb09e1ecc44526c124d3 (patch)
tree	d99ca148a268002187c1637e8762fcdef9e45c21 /phpBB/phpbb/request/request.php
parent	17e21d5140ccb99363a32bd64c32af6012c1ce97 (diff)
download	forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.gz forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.bz2 forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.tar.xz forums-accf8f8625ca1c730ee0bb09e1ecc44526c124d3.zip