Closed sunsided closed 6 years ago
X-Forwarded-Proto
is non-standard, there's a standardised version that looks something like Forwarded: proto=https
(see http://stackoverflow.com/a/26206395/210370). I wonder how many proxies support that though.
I guess the right logic should be something like:
$_SERVER['HTTPS']
is set, use https
$_SERVER['SERVER_PORT']
is 443
, use https
(for compatibility with servers that don't set $_SERVER['HTTPS']
)Forwarded
header contains proto=https
, use https
(proxy that supports RFC 7239)X-Forwarded-Proto
header is https
, use https
(proxy that doesn't support RFC 7239)http
That's a lot of stuff to check! I wonder if there's a small existing PHP library I could reuse rather than reinventing the wheel every time I need to check whether URLs use HTTP or HTTPS.
When serving the feed behind an SSL terminating endpoint (say, nginx as a reverse proxy), the download feeds are in the wrong format. The protocol should generally match the value of the
X-Forwarded-Proto
request header (which is either missing,http
orhttps
in this case).