SSL detection: add support for `X-Forwarded-Proto`

Duplicates #332

See:
 - RFC 7239 - Forwarded HTTP Extension
   http://www.ietf.org/rfc/rfc7239.txt
 - RFC 6238 - Deprecating the "X-" Prefix and Similar Constructs in Application Protocols
   http://www.ietf.org/rfc/rfc6648.txt
 - StackOverflow - Custom HTTP headers: naming conventions
   http://stackoverflow.com/a/3561399

diff --git a/index.php b/index.php
index 61d92f04d8fd1bc61dde6167bd56096a9efc318e..7818ee88755c54329cfeb86d1b56ac8434b14f68 100755 (executable)
--- a/index.php
+++ b/index.php
@@ -463,7 +463,7 @@ if (isset($_POST['login']))
 // You can append $_SERVER['SCRIPT_NAME'] to get the current script URL.
 function serverUrl()
 {
-    $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443'; // HTTPS detection.
+    $https = (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS'])=='on')) || $_SERVER["SERVER_PORT"]=='443' || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'); // HTTPS detection.
     $serverport = ($_SERVER["SERVER_PORT"]=='80' || ($https && $_SERVER["SERVER_PORT"]=='443') ? '' : ':'.$_SERVER["SERVER_PORT"]);
     return 'http'.($https?'s':'').'://'.$_SERVER['SERVER_NAME'].$serverport;
 }