#634 Detection of HTTPS not working with nginx (iTop always considering the current connection as being secure)

SVN:trunk[2617]
2026-04-23 10:38:45 +02:00 · 2013-03-13 13:57:51 +00:00
parent 3cf398618e
commit b38dea4bba
6 changed files with 26 additions and 20 deletions
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -508,7 +508,7 @@ class utils
 	{
 		// Build an absolute URL to this page on this server/port
 		$sServerName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
-		$sProtocol = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!="off")) ? 'https' : 'http';
+		$sProtocol = self::IsConnectionSecure() ? 'https' : 'http';
 		$iPort = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : 80;
 		if ($sProtocol == 'http')
 		{
@@ -571,6 +571,25 @@ class utils
 		return $sAppRootUrl;
 	}

+	/**
+	 * Helper to handle the variety of HTTP servers
+	 * See #286 (fixed in [896]), and #634 (this fix)
+	 * 	 
+	 * Though the official specs says 'a non empty string', some servers like IIS do set it to 'off' !
+	 * nginx set it to an empty string
+	 * Others might leave it unset (no array entry)	 
+	 */	 	
+	static public function IsConnectionSecure()
+	{
+		$bSecured = false;
+
+		if (!empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
+		{
+			$bSecured = true;
+		}
+		return $bSecured;
+	}
+
 	/**
 	 * Tells whether or not log off operation is supported.
 	 * Actually in only one case: