if r.Header.Get("X-Forwarded-Proto") == "https" {
config.Opts.HTTPS = true
}
If there are traffic from both HTTPS and HTTP reverse proxy, config.Opts.HTTPS will be updated to true after the first request from the HTTPS proxy. After that, all HTTP traffic will get secure cookie which breaks lots of things.
At service/httpd/middleware.go#L22,
If there are traffic from both HTTPS and HTTP reverse proxy,
config.Opts.HTTPS
will be updated totrue
after the first request from the HTTPS proxy. After that, all HTTP traffic will get secure cookie which breaks lots of things.I believe this is one of the cause of #414