From 8faf5bbb87d286c022fa48db488d25b2abb59bb9 Mon Sep 17 00:00:00 2001
From: Tino Adams
Date: Wed, 22 Feb 2012 13:23:01 +1100
Subject: [PATCH] [#1426] Checking "front-end-https" header when determining if a request is secure
---
 framework/src/play/mvc/Http.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/framework/src/play/mvc/Http.java b/framework/src/play/mvc/Http.java
index 2fef8f72c5..4906880e9d 100644
--- a/framework/src/play/mvc/Http.java
+++ b/framework/src/play/mvc/Http.java
@@ -405,7 +405,15 @@ private boolean isRequestSecure() {
 if (xForwardedSslHeader != null && "on".equals(xForwardedSslHeader.value())) {
 return true;
 }
-
+
+ // Check the less common "front-end-https" header,
+ // used apparently only by "Microsoft Internet Security and Acceleration Server"
+ // and Squid when using Squid as a SSL frontend.
+ Header frontEndHttpsHeader = headers.get("front-end-https");
+ if (frontEndHttpsHeader != null && "on".equals(frontEndHttpsHeader.value().toLowerCase())) {
+ return true;
+ }
+
 return false;
 }
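Review bot: The added `front-end-https` branch in `isRequestSecure()` returns true purely on a request header, so the result is only trustworthy when a fronting proxy overwrites or strips that header. Sent directly by a client, `front-end-https: on` would mark a plain-HTTP request as secure for anything that keys off this flag, such as HTTPS redirects or secure-cookie decisions. The start of the method and its caller are outside the hunk, so confirm the header checks are reached only for requests from a trusted proxy address. A comment stating that precondition would help, e.g. `// Only meaningful behind a trusted proxy that sets/strips this header; clients can forge it.` Separately, `value().toLowerCase()` is locale-dependent and differs from the case-sensitive `x-forwarded-ssl` comparison just above; `"on".equalsIgnoreCase(frontEndHttpsHeader.value())` avoids the extra call and makes the intent explicit.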