From: Natan Frei Date: Sun, 16 Jul 2017 21:44:48 +0000 (+0300) Subject: $_SERVER['HTTPS'] can be exists and 'off' for non-https connectios X-Git-Tag: 17.12~142^2 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=e234ac8dcb2fa73bc573fea1e809ef45b3392ca7;p=tt-rss.git $_SERVER['HTTPS'] can be exists and 'off' for non-https connectios --- diff --git a/include/functions.php b/include/functions.php index ad6f2689..ba5a699b 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1782,7 +1782,7 @@ } function is_server_https() { - return $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; + return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; } function is_prefix_https() { diff --git a/include/sessions.php b/include/sessions.php index 0690ab7e..3d6e6e2c 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -12,7 +12,7 @@ $session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400)); $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME; - if (@$_SERVER['HTTPS'] == "on") { + if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $session_name .= "_ssl"; ini_set("session.cookie_secure", true); } diff --git a/install/index.php b/install/index.php index 4239f589..88357300 100755 --- a/install/index.php +++ b/install/index.php @@ -180,7 +180,7 @@ } function is_server_https() { - return $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; + return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; } function make_self_url_path() {