$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios

author: Natan Frei <[email protected]> 2017-07-17 00:44:48 +0300
committer: Natan Frei <[email protected]> 2017-07-17 00:44:48 +0300
commit: e234ac8dcb2fa73bc573fea1e809ef45b3392ca7 (patch)
tree: fc536b1228b5c671fb0eb420fb2e2b4431b29b1a /include
parent: 9fa3ae09a6fe791805ee63e87fcac970e3f037ed (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/include/functions.php b/include/functions.php
index ad6f2689c..ba5a699b9 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1782,7 +1782,7 @@
 	}
 
 	function is_server_https() {
-		return $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
+		return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
 	}
 
 	function is_prefix_https() {
diff --git a/include/sessions.php b/include/sessions.php
index 0690ab7ed..3d6e6e2c6 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -12,7 +12,7 @@
 	$session_expire = min(2147483647 - time() - 1, max(SESSION_COOKIE_LIFETIME, 86400));
 	$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
 
-	if (@$_SERVER['HTTPS'] == "on") {
+	if ((!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || @$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
 		$session_name .= "_ssl";
 		ini_set("session.cookie_secure", true);
 	}
author	Natan Frei <[email protected]>	2017-07-17 00:44:48 +0300
committer	Natan Frei <[email protected]>	2017-07-17 00:44:48 +0300
commit	e234ac8dcb2fa73bc573fea1e809ef45b3392ca7 (patch)
tree	fc536b1228b5c671fb0eb420fb2e2b4431b29b1a /include
parent	9fa3ae09a6fe791805ee63e87fcac970e3f037ed (diff)