Skip to content

Commit

Permalink
Honor HTTP_X_FORWARDED_PROTO for Gravatar
Browse files Browse the repository at this point in the history 
When behind a proxy/load balancer and HTTP_X_FORWARDED_PROTO indicates
that MantisBT is accessed via https, make sure all resources are loaded via https.

Fixes #22689
  • Loading branch information
@vboctor
vboctor committed Apr 16, 2017
1 parent 2d5ab94 commit 233b5e5
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion core/http_api.php
View file
Expand Up @@ -40,7 +40,15 @@
* @return boolean True if protocol is HTTPS
*/
function http_is_protocol_https() {
return !empty( $_SERVER['HTTPS'] ) && ( utf8_strtolower( $_SERVER['HTTPS'] ) != 'off' );
if( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ) {
return strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) == 'https';
}

if( !empty( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
return true;
}

return false;
}

/**
Expand Down

0 comments on commit 233b5e5

Please sign in to comment.