sanity: check X-Forwarded-Proto for self_url

diff --git a/include/sanity_check.php b/include/sanity_check.php
index 2f5315edf622a4a8fa4615c039eb9ccfe1d0f912..ea7b0da806e30da87793132368d54348116c16a8 100755 (executable)
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -15,7 +15,8 @@
         * to get out. */
 
        function make_self_url_path() {
-               $url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' :  'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
+               $proto = ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ? 'https' : 'http';
+               $url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
 
                return $url_path;
        }