# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1613638856 -3600
# Node ID 98b7ae7064b27a37df540becc2709a8b34e3f4c9
# Parent  a0477656258c6878d7a2f6413d45f941b3b2bc4a
mod_http: Consider x-forwarded-proto from trusted proxies

Should be better than setting consider_{bosh,websocket}_secure as that
may end up causing actually insecure requests to be considered secure.

Doing it here, as with IP, should make this apply to all HTTP modules.

diff -r a0477656258c -r 98b7ae7064b2 plugins/mod_http.lua
--- a/plugins/mod_http.lua	Thu Feb 18 12:02:11 2021 +0100
+++ b/plugins/mod_http.lua	Thu Feb 18 10:00:56 2021 +0100
@@ -259,6 +259,10 @@
 	if request and is_trusted_proxy(request.conn:ip()) then
 		-- Not included in eg http-error events
 		request.ip = get_ip_from_request(request);
+
+		if not request.secure and request.headers.x_forwarded_proto == "https" then
+			request.secure = true;
+		end
 	end
 	return handlers(event_name, event_data);
 end);