$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios

diff --git a/include/functions.php b/include/functions.php
index ad6f2689ce9d9401d257eed549ef604046cada3f..ba5a699b9a64cf9986330db93cf9f1dfa8644e50 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -1782,7 +1782,7 @@
        }
 
        function is_server_https() {
-               return $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+               return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
        }
 
        function is_prefix_https() {

diff --git a/include/sessions.php b/include/sessions.php
index 0690ab7ed0a84b5924dcbf332ddf1f0c5b365b95..3d6e6e2c627a8c1339435d259d7a54af6bd800a5 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -12,7 +12,7 @@
        $session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
        $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
 
-       if (@$_SERVER['HTTPS'] == "on") {
+       if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
                $session_name .= "_ssl";
                ini_set("session.cookie_secure", true);
        }

diff --git a/install/index.php b/install/index.php
index 4239f5893f949e84f84a9de47538204cf1f8bbcd..8835730018ee9b407384b8c283c199cc4a1e043c 100755 (executable)
--- a/install/index.php
+++ b/install/index.php
@@ -180,7 +180,7 @@
        }
 
        function is_server_https() {
-               return $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+               return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
        }
 
        function make_self_url_path() {