This was submitted by Peter on Github:
Some SSL (https) servers/setups do not have the $_SERVER['HTTPS'] variable to on.
But they do have a $_SERVER['HTTP_X_FORWARDED_PROTO'] value set to 'https'.
See for more details:
This PR adds a check for that variable to the isSSLConnection method.
It also adds a few more checks and makes the whole thing more solid.
Also I have replaced some inline checks in other code to use this isSSLConnection method instead (= DRY).
Test instructions
Test if the different JUri methods and other functionalities that rely on SSL still work. And more-so if they now work on setups that use that HTTP_X_FORWARDED_PROTO var.
Things you can check (on SLL urls):
$uri = JUri::getInstance();
echo '<p>JUri Scheme = ' . $uri->toString(array('scheme')) . '</p>' . "\n"; // should be 'https://'
echo '<p>JUri Root = ' . JUri::root() . '</p>' . "\n"; // should start with 'https://'
echo '<p>isSSLConnection = ' . (JFactory::getApplication()->isSSLConnection() ? 'true' : 'false') . '</p>' . "\n"; // should be 'true'
Opened On:
8 May 2013, 9:16 by Nick Savov
Closed On:
4 Oct 2013, 2:31

Filed Under

  • CMS Libraries
  • No Platform Implications


Posted on 19 Jun 2013, 18:58 by Kevin Devine
Excellent. I was looking to see if this had been addressed but you beet me to it. No need for me to create a patch I guess. It's been a while so I was kind of looking forward to doing that though.

Anyway, for further background, I just ran into an issue forcing ssl on a load balanced Joomla site and $_SERVER['HTTPS'] was undefined. The best solution was to check for $_SERVER['HTTP_X_FORWARDED_PROTO'].
Posted on 19 Jun 2013, 22:40 by Nick Savov
HI Kevin,

Awesome! Please test the above patch, as good tests are needed for the patch to be accepted.
Posted on 4 Oct 2013, 2:06 by Peter van Westen

Please cloase as there seems to be no interest in this.
Posted on 4 Oct 2013, 2:31 by Brian Teeman

Closed as requested
Posted on 30 Dec 2014, 5:25 by Tony Partridge

This is becoming needed more and more with the likes of Cloudflare. See my comments on: