Merge pull request #2488 from Xeli/develop
Add support for https behind a reverse proxy using X-Forwarded-Proto
diff --git a/system/core/Common.php b/system/core/Common.php
index cad340f..cb087cb 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@
*/
function is_https()
{
- return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+ if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ return TRUE;
+ }
+ elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] === 'on')
+ {
+ return TRUE;
+ }
+
+ return FALSE;
}
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 38c6d05..2653b89 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -314,6 +314,7 @@
- Changed ``_exception_handler()`` to respect php.ini *display_errors* setting.
- Added function :php:func:`is_https()` to check if a secure connection is used.
- Added function :php:func:`function_usable()` to check if a function exists and is not disabled by `Suhosin <http://www.hardened-php.net/suhosin/>`.
+ - Added X-Forwarded-Proto support, used for loadbalancers / reverse proxy servers.
- Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE).
- Renamed method ``_call_hook()`` to ``call_hook()`` in the :doc:`Hooks Library <general/hooks>`.
- :doc:`Output Library <libraries/output>` changes include: