Daniel15 / simple-nuget-server

A very simple PHP NuGet server
MIT License
116 stars, 43 forks

FeedWriter does not honor actual (or proxied) protocol #9

Closed. sunsided closed this 6 years ago

sunsided commented 9 years ago

When serving the feed behind an SSL terminating endpoint (say, nginx as a reverse proxy), the download feeds are in the wrong format. The protocol should generally match the value of the X-Forwarded-Proto request header (which is either missing, http or https in this case).

Daniel15 commented 9 years ago

X-Forwarded-Proto is non-standard, there's a standardised version that looks something like Forwarded: proto=https (see http://stackoverflow.com/a/26206395/210370). I wonder how many proxies support that though.

I guess the right logic should be something like:

  1. If $_SERVER['HTTPS'] is set, use https
  2. If $_SERVER['SERVER_PORT'] is 443, use https (for compatibility with servers that don't set $_SERVER['HTTPS'])
  3. If Forwarded header contains proto=https, use https (proxy that supports RFC 7239)
  4. If X-Forwarded-Proto header is https, use https (proxy that doesn't support RFC 7239)
  5. Otherwise, use http

That's a lot of stuff to check! I wonder if there's a small existing PHP library I could reuse rather than reinventing the wheel every time I need to check whether URLs use HTTP or HTTPS.
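The five-step order above, written out as a PHP function. This is an added example for this issue thread, not code from simple-nuget-server; the function name requestScheme, the $trustedProxies parameter and the sample $_SERVER arrays are assumptions made for illustration. One check is added that the comment does not mention but that any deployment behind a proxy needs: Forwarded and X-Forwarded-Proto arrive from the network and can be set by any client, so they are only consulted when REMOTE_ADDR is the reverse proxy itself; otherwise a plain-HTTP client could make the feed emit https:// links (or, with the headers inverted, downgrade them).

```php
<?php
// Added example, not part of simple-nuget-server.
// Decide whether the client spoke http or https, following the order
// proposed in the comment above:
//   1. $_SERVER['HTTPS'] set            -> https (web server terminated TLS)
//   2. SERVER_PORT == 443               -> https (servers that leave HTTPS unset)
//   3. Forwarded: proto=https (RFC 7239) -> https (proxy that supports RFC 7239)
//   4. X-Forwarded-Proto: https          -> https (de facto header)
//   5. otherwise                         -> http
// Assumption: steps 3 and 4 are only trusted when the immediate peer
// (REMOTE_ADDR) is one of $trustedProxies, because anyone else can send
// those headers.

function requestScheme(array $server, array $trustedProxies = []): string
{
    // 1. PHP's own signal that TLS was terminated by this web server.
    //    Some SAPIs set it to "off" instead of leaving it unset.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return 'https';
    }

    // 2. Servers that listen on 443 without populating HTTPS.
    if (isset($server['SERVER_PORT']) && (int) $server['SERVER_PORT'] === 443) {
        return 'https';
    }

    // Only a known proxy may vouch for the client's original scheme.
    $fromTrustedProxy = isset($server['REMOTE_ADDR'])
        && in_array($server['REMOTE_ADDR'], $trustedProxies, true);

    if ($fromTrustedProxy) {
        // 3. RFC 7239, e.g. "for=198.51.100.17;proto=https;by=203.0.113.43".
        //    Each proxy appends one comma-separated element; the first
        //    element was written by the proxy nearest the client.
        if (isset($server['HTTP_FORWARDED'])) {
            $firstHop = explode(',', $server['HTTP_FORWARDED'])[0];
            foreach (explode(';', $firstHop) as $pair) {
                $kv = explode('=', trim($pair), 2);
                if (count($kv) === 2 && strtolower($kv[0]) === 'proto') {
                    $proto = strtolower(trim($kv[1], " \t\""));
                    if ($proto === 'https') {
                        return 'https';
                    }
                    if ($proto === 'http') {
                        return 'http';
                    }
                }
            }
        }

        // 4. Non-standard X-Forwarded-Proto; may also be a comma-separated
        //    chain, first value is again the client-facing hop.
        if (isset($server['HTTP_X_FORWARDED_PROTO'])) {
            $proto = strtolower(trim(explode(',', $server['HTTP_X_FORWARDED_PROTO'])[0]));
            if ($proto === 'https') {
                return 'https';
            }
        }
    }

    // 5. Nothing said https.
    return 'http';
}

// Constructed sample requests (not captured from a real server).
$trusted = ['127.0.0.1', '::1'];          // assumed address of the nginx proxy

$samples = [
    // Client talks plain HTTP straight to PHP.
    'direct'  => ['REMOTE_ADDR' => '203.0.113.5', 'SERVER_PORT' => '80'],
    // nginx terminates TLS on 443 and forwards to PHP on 8080.
    'nginx'   => ['REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '8080',
                  'HTTP_X_FORWARDED_PROTO' => 'https'],
    // A proxy that emits the RFC 7239 header instead.
    'rfc7239' => ['REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '8080',
                  'HTTP_FORWARDED' => 'for=198.51.100.17;proto=https;by=203.0.113.43'],
    // An untrusted client sending the header itself: must fall through to http.
    'spoofed' => ['REMOTE_ADDR' => '203.0.113.5', 'SERVER_PORT' => '80',
                  'HTTP_X_FORWARDED_PROTO' => 'https'],
];

foreach ($samples as $name => $server) {
    printf("%-8s %s\n", $name, requestScheme($server, $trusted));
}
```

The "spoofed" sample is the reason for the trusted-proxy gate: it carries the same X-Forwarded-Proto value as the "nginx" sample but comes from an arbitrary address, so it is classified as http. An alternative that avoids header parsing entirely is to have the proxy set the CGI variable directly (for nginx, `fastcgi_param HTTPS on;` inside the TLS server block), which makes step 1 fire and leaves the proxy, not the client, in control of the value.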