From 007c85060defb6f124b0e1100b06d7ff7d613f9a Mon Sep 17 00:00:00 2001 From: Tristan Bessoussa Date: Wed, 30 Jan 2019 17:48:09 +0100 Subject: [PATCH 1/4] Detect HTTPS if wordpress is behind a reverse proxy Hello, It'd be great if HTTPS would be working behind a reverse proxy, which is very common when using a PaaS or a WAF, or any decent cloud providers. https://codex.wordpress.org/Function_Reference/is_ssl#Notes Since it's a condition, it does not harm existing wordpress installations. --- config/application.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/application.php b/config/application.php index 269b977947..3f69544ef4 100644 --- a/config/application.php +++ b/config/application.php @@ -95,6 +95,10 @@ require_once $env_config; } +if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { + $_SERVER['HTTPS'] = 'on'; +} + Config::apply(); /** From 9d21b69b393853126d3c8f254061da748c23e9f2 Mon Sep 17 00:00:00 2001 From: Tristan Bessoussa Date: Thu, 31 Jan 2019 10:40:17 +0100 Subject: [PATCH 2/4] Moved the block before env loading and added comment --- config/application.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/config/application.php b/config/application.php index 3f69544ef4..6eca6ad3dc 100644 --- a/config/application.php +++ b/config/application.php @@ -89,16 +89,20 @@ Config::define('SCRIPT_DEBUG', false); ini_set('display_errors', 0); +/** + * Allow Wordpress to detect HTTPS when used behind a reverse proxy or a load balancer + * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes + */ +if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { + $_SERVER['HTTPS'] = 'on'; +} + $env_config = __DIR__ . '/environments/' . WP_ENV . '.php'; if (file_exists($env_config)) { require_once $env_config; } -if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { - $_SERVER['HTTPS'] = 'on'; -} - Config::apply(); /** From 34dee6b7a978389cf2b08b732042fa72196ce0a7 Mon Sep 17 00:00:00 2001 From: Tristan Bessoussa Date: Fri, 1 Feb 2019 16:34:12 +0100 Subject: [PATCH 3/4] WordPress --- config/application.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.php b/config/application.php index 6eca6ad3dc..24b1d41539 100644 --- a/config/application.php +++ b/config/application.php @@ -90,7 +90,7 @@ ini_set('display_errors', 0); /** - * Allow Wordpress to detect HTTPS when used behind a reverse proxy or a load balancer + * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes */ if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { From ea6edfb100e63f9feae4a30e6b89f939f9bea636 Mon Sep 17 00:00:00 2001 From: Austin Pray Date: Sat, 2 Feb 2019 23:24:06 +0100 Subject: [PATCH 4/4] Update config/application.php Co-Authored-By: tristanbes --- config/application.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.php b/config/application.php index 24b1d41539..bb06227d15 100644 --- a/config/application.php +++ b/config/application.php @@ -93,7 +93,7 @@ * Allow WordPress to detect HTTPS when used behind a reverse proxy or a load balancer * See https://codex.wordpress.org/Function_Reference/is_ssl#Notes */ -if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { +if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') { $_SERVER['HTTPS'] = 'on'; }