diff options
Diffstat (limited to 'phpBB/includes/functions.php')
| -rw-r--r-- | phpBB/includes/functions.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 86f002d14e..4185837917 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1165,8 +1165,6 @@ function generate_board_url($without_script_path = false) $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT'); - $url = (($config['cookie_secure']) ? 'https://' : 'http://') . $server_name; - // Forcing server vars is the only way to specify/override the protocol if ($config['force_server_vars'] || !$server_name) { @@ -1176,6 +1174,12 @@ function generate_board_url($without_script_path = false) $url = $server_protocol . $server_name; } + else + { + // Do not rely on cookie_secure, users seem to think that it means a secured cookie instead of an encrypted connection + $cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0; + $url = (($cookie_secure) ? 'https://' : 'http://') . $server_name; + } if ($server_port && (($config['cookie_secure'] && $server_port <> 443) || (!$config['cookie_secure'] && $server_port <> 80))) { |