Php Server: HTTP_X_FORWARDED_SSL usage

Asked Jun 24 '17 at 21:52

Active Jun 24 '17 at 21:52

Viewed 2,942 times

In OpenCart i saw the following code:

    // Check if SSL
if ((isset($_SERVER['HTTPS']) && (($_SERVER['HTTPS'] == 'on') || ($_SERVER['HTTPS'] == '1'))) || (isset($_SERVER['HTTPS']) &&    $_SERVER['SERVER_PORT'] == 443)) {
    $_SERVER['HTTPS'] = true;
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
    $_SERVER['HTTPS'] = true;
} else {
    $_SERVER['HTTPS'] = false;
}

What is $_SERVER['HTTP_X_FORWARDED_PROTO'] or $_SERVER['HTTP_X_FORWARDED_SSL']? I could't find them in PHP Manual.

asked Jun 24 '17 at 21:52

Coman Paul

1

Possible duplicate of [What is a full specification of X-Forwarded-Proto HTTP header?](https://stackoverflow.com/questions/13111080/what-is-a-full-specification-of-x-forwarded-proto-http-header) – Matt Jun 24 '17 at 22:00
2

In practice if you access a page via a load balancer or other kind of proxy, the connection from the user to the loadbalancer might be HTTPS but then forwarded via HTTP. That header lets the webserver know what the original protocol was. – apokryfos Jun 24 '17 at 22:02

Php Server: HTTP_X_FORWARDED_SSL usage

0 Answers0