ZF-11498: No support of Load Balancer X-Forwarded-Proto for HTTPS in Zend_Controller_Request_Http

Description

this function only supports use of $_SERVER['HTTPS'], but not supporting 'X-Forwarded-Proto' header.


public function getScheme()
{
       return ($this->getServer('HTTPS') == 'on') ? self::SCHEME_HTTPS : self::SCHEME_HTTP;
}

The support of this header is easy and straight-forward:


public function getScheme()
{
    if ($this->getServer('HTTPS') == 'on' || 
        $this->getServer('HTTP_X_FORWARDED_PROTO') == 'https') {
        return self::SCHEME_HTTPS ;
    } else {        
        return self::SCHEME_HTTP;
    }
}

Comments

Same here, can't detect SSL behind a load balancer. The LB does SSL termination and provides only HTTP_X_FORWARDED_PROTO.

isSecure() is also affected.

Set component and auto-reassign

No movements since one year ago?

Please look here: ZF-5012