From accf8f8625ca1c730ee0bb09e1ecc44526c124d3 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 15 Feb 2016 21:40:52 +0100
Subject: [ticket/14481] Respect HTTP_X_FORWARDED headers for implying https

PHPBB3-14481
---
 phpBB/phpbb/request/request.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'phpBB/phpbb/request')

diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php
index 56ce3999ed..4cac6fbaea 100644
--- a/phpBB/phpbb/request/request.php
+++ b/phpBB/phpbb/request/request.php
@@ -325,7 +325,9 @@ class request implements \phpbb\request\request_interface
 	*/
 	public function is_secure()
 	{
-		return $this->server('HTTPS') == 'on';
+		$https = $this->server('HTTPS');
+		$https = $this->server('HTTP_X_FORWARDED_PROTO') === 'https' ? 'on' : $https;
+		return !empty($https) && $https !== 'off';
 	}
 
 	/**
-- 
cgit v1.2.1