Scheme detection problem

[thebodzio]

Recently I was bringing up a site based on Grav, which uses psr7-server/ServerRequestCreator.php directly to prepare a request object for further manipulation. The server I was using had the following peculiarity: it had $_SERVER['REQUEST_SCHEME'] set to http and at the same time $_SERVER['HTTPS'] set to on. All of that while I was using exclusively HTTPS. This caused an occasional problem when a redirection was made to e.g. http://example.com:443/about instead of https://example.com/about. I believe the way the scheme detection works now is a problem, since current code will set scheme as http even though the server also reports $_SERVER['HTTPS'] as being used. I mean this fragment:

psr7-server/src/ServerRequestCreator.php

Lines 272 to 276 in b846a68

	if (isset($server['REQUEST_SCHEME'])) {
	$uri = $uri->withScheme($server['REQUEST_SCHEME']);
	} elseif (isset($server['HTTPS'])) {
	$uri = $uri->withScheme('on' === $server['HTTPS'] ? 'https' : 'http');
	}

Shouldn't HTTPS header have precedence here? Something like this code here (from https://www.designcise.com/web/tutorial/how-to-check-for-https-request-in-php):

$isHttps = 
    $_SERVER['HTTPS']
    ?? $_SERVER['REQUEST_SCHEME']
    ?? $_SERVER['HTTP_X_FORWARDED_PROTO']
    ?? null
;

$isHttps = 
    $isHttps && (
        strcasecmp('on', $isHttps) == 0
        || strcasecmp('https', $isHttps) == 0
    )
;

or, at least, reverse the order of condition checks?

I think this problem is somewhat related, but not identical to #29.