Closed gregmac closed 5 years ago
Checking for the existence of XForwardedProto is not enough, you have to check the values.
The UseForwardedHeaders middleware is intended to handle the X-Forwared-Proto header and update the request so we don't have to build in support for it in every other middleware. See the reverse proxy docs.
As for the automatic activation, you're still missing the key information of the public port to redirect to. Defaulting to 443 has caused problems when https is not actually configured for the site.
I was just trying to use
UseHttpsRedirection()
(HttpsRedirectionMiddleware
), and in my deployment scenario (to AWS Beanstalk, using AWS Toolkit for VisualStudio) it would be very convenient to be able to activate HTTPS redirection based only on the existence ofX-Forwared-Proto
header.For example:
The current methods of enabling this require modifying the deployed application environment (config file or environment variables), which is an extra step beyond built-in tooling. By using the header, it would be possible to enable automatically if deployed behind a proxy that's forwarding that header (where, coupled with explicit opt-in via
HttpsRedirectionOptions
, this is a safe assumption).