ZF-11498: No support of Load Balancer X-Forwarded-Proto for HTTPS in Zend_Controller_Request_Http

Issue Type: Bug Created: 2011-06-21T06:57:47.000+0000 Last Updated: 2012-11-13T15:41:49.000+0000 Status: Open Fix version(s): Reporter: Jordi (jsmolina) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Controller

Related issues: - ZF-5012



this function only supports use of $_SERVER['HTTPS'], but not supporting 'X-Forwarded-Proto' header.

<pre class="highlight">
public function getScheme()
       return ($this->getServer('HTTPS') == 'on') ? self::SCHEME_HTTPS : self::SCHEME_HTTP;

The support of this header is easy and straight-forward:

<pre class="highlight">
public function getScheme()
    if ($this->getServer('HTTPS') == 'on' || 
        $this->getServer('HTTP_X_FORWARDED_PROTO') == 'https') {
        return self::SCHEME_HTTPS ;
    } else {        
        return self::SCHEME_HTTP;


Posted by Marco Brinkmann (marco.brinkmann) on 2011-07-22T10:18:05.000+0000

Same here, can't detect SSL behind a load balancer. The LB does SSL termination and provides only HTTP_X_FORWARDED_PROTO.

Posted by Marco Brinkmann (marco.brinkmann) on 2011-07-22T10:22:25.000+0000

isSecure() is also affected.

Posted by Satoru Yoshida (satoruyoshida) on 2011-07-26T14:12:39.000+0000

Set component and auto-reassign

Posted by Jordi (jsmolina) on 2012-11-13T15:30:39.000+0000

No movements since one year ago?

Posted by Frank Br├╝ckner (frosch) on 2012-11-13T15:41:18.000+0000

Please look here: ZF-5012

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.