Merge pull request #2488 from Xeli/develop

Add support for https behind a reverse proxy using X-Forwarded-Proto

2 files changed, 15 insertions, 1 deletions

diff --git a/system/core/Common.php b/system/core/Common.php
index cad340f33..cb087cb22 100644
--- a/system/core/Common.php
+++ b/system/core/Common.php
@@ -346,7 +346,20 @@ if ( ! function_exists('is_https'))
 	 */
 	function is_https()
 	{
-		return (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on');
+		if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on')
+		{
+			return TRUE;
+		}
+		elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+		{
+			return TRUE;
+		}
+		elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] === 'on')
+		{
+			return TRUE;
+		}
+
+		return FALSE;
 	}
 }
 
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 38c6d05bd..2653b89a3 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -314,6 +314,7 @@ Release Date: Not Released
 	 -  Changed ``_exception_handler()`` to respect php.ini *display_errors* setting.
 	 -  Added function :php:func:`is_https()` to check if a secure connection is used.
 	 -  Added function :php:func:`function_usable()` to check if a function exists and is not disabled by `Suhosin <http://www.hardened-php.net/suhosin/>`.
+	 -  Added X-Forwarded-Proto support, used for loadbalancers / reverse proxy servers.
    -  Added support for HTTP-Only cookies with new config option *cookie_httponly* (default FALSE).
    -  Renamed method ``_call_hook()`` to ``call_hook()`` in the :doc:`Hooks Library <general/hooks>`.
    -  :doc:`Output Library <libraries/output>` changes include: