From 362c228c47eb0b48b780d0844ac5321381e4f207 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Thu, 18 Feb 2021 10:00:56 +0100
Subject: mod_http: Consider x-forwarded-proto from trusted proxies

Should be better than setting consider_{bosh,websocket}_secure as that
may end up causing actually insecure requests to be considered secure.

Doing it here, as with IP, should make this apply to all HTTP modules.
---
 plugins/mod_http.lua | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua
index 408e401e..3d2c4443 100644
--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -259,6 +259,10 @@ module:wrap_object_event(server._events, false, function (handlers, event_name,
 	if request and is_trusted_proxy(request.conn:ip()) then
 		-- Not included in eg http-error events
 		request.ip = get_ip_from_request(request);
+
+		if not request.secure and request.headers.x_forwarded_proto == "https" then
+			request.secure = true;
+		end
 	end
 	return handlers(event_name, event_data);
 end);
-- 
cgit v1.2.3