Merge pull request #407 from garcia-jj/ot-request-issecure

Adding method to check if request is secure
omnifaces · Dec 10, 2017 · ef3b938 · ef3b938
2 parents 9f70e17 + 9a64643
commit ef3b938
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/main/java/org/omnifaces/util/Servlets.java b/src/main/java/org/omnifaces/util/Servlets.java
@@ -401,6 +401,19 @@ public static String getRemoteAddr(HttpServletRequest request) {
 		return isEmpty(forwardedFor) ? request.getRemoteAddr() : forwardedFor.split("\\s*,\\s*", 2)[0]; // It's a comma separated string: client,proxy1,proxy2,...
 	}
 
+	/**
+	 * Returns <code>true</code> if connection is secure, <code>false</code> otherwise. This method will first check if
+	 * {@link HttpServletRequest#isSecure()} returns <code>true</code>, and if not <code>true</code>, check if the
+	 * <code>X-Forwarded-Proto</code> is present and equals to <code>https</code>.
+	 * @param request The involved HTTP servlet request.
+	 * @return <code>true</code> if connection is secure, <code>false</code> otherwise.
+	 * @see HttpServletRequest#isSecure()
+	 * @since 3.0
+	 */
+	public static boolean isSecure(HttpServletRequest request) {
+		return request.isSecure() || "https".equalsIgnoreCase(request.getHeader("X-Forwarded-Proto"));
+	}
+
 	/**
 	 * Returns the submitted file name of the given part, making sure that any path is stripped off. Some browsers
 	 * are known to incorrectly include the client side path along with it. Since version 2.6.7, RFC-2231/5987 encoded