HttpsRedirectionMiddleware should support conditionally redirecting if X-Forwarded-Proto is available

[gregmac]

I was just trying to use UseHttpsRedirection() (HttpsRedirectionMiddleware), and in my deployment scenario (to AWS Beanstalk, using AWS Toolkit for VisualStudio) it would be very convenient to be able to activate HTTPS redirection based only on the existence of X-Forwared-Proto header.

For example:

services.AddHttpsRedirection(options =>
{
    // EXISTING:
    options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
    options.HttpsPort = 443;

    // PROPOSED:
    options.RequiresHeader = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.XForwardedProto;  
});

The current methods of enabling this require modifying the deployed application environment (config file or environment variables), which is an extra step beyond built-in tooling. By using the header, it would be possible to enable automatically if deployed behind a proxy that's forwarding that header (where, coupled with explicit opt-in via HttpsRedirectionOptions, this is a safe assumption).

[Tratcher]

Checking for the existence of XForwardedProto is not enough, you have to check the values.

The UseForwardedHeaders middleware is intended to handle the X-Forwared-Proto header and update the request so we don't have to build in support for it in every other middleware. See the reverse proxy docs.

[Tratcher]

As for the automatic activation, you're still missing the key information of the public port to redirect to. Defaulting to 443 has caused problems when https is not actually configured for the site.