Currently, drupal_settings_initialize() does an important detection to try and determine whether the current request is https or not:
$is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
Among other things, this check prevents Drupal from serving up "mixed content" pages where http resources are served with a https page.
If your web server communicates with PHP over http even when the end user is hitting the server with a https request then Drupal doesn't "see" that it is supposed to provide a https page for the end user.
Generally, when a server is configured like this it "forwards" the protocol the end user needs to PHP with $_SERVER['HTTP_X_FORWARDED_PROTO'] so Drupal should check to see if that exists before assuming the page is http.
An example of this situation is https sites on Acquia cloud, their docs at https://docs.acquia.com/cloud/configure/https say to do this as a workaround:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' &&
isset($_SERVER['REMOTE_ADDR']) &&
strpos($_SERVER['REMOTE_ADDR'], '10.') === 0) {
$_SERVER['HTTPS'] = 'on';
}
Which is a hack to provide the logic that Drupal core could be using anyway.
But another example would be if you were using nginx with PHP as a backend, this is definitely not just an "Acquia thing".
Review Bonus:
https://drupal.org/comment/8434783#comment-8434783 +2
Total: 2
Comment | File | Size | Author |
---|---|---|---|
#3 | 2181941-3.patch | 953 bytes | thedavidmeister |
#1 | 2181941-1.patch | 658 bytes | thedavidmeister |
Comments
Comment #1
thedavidmeister CreditAttribution: thedavidmeister commentedPatch.
Comment #2
thedavidmeister CreditAttribution: thedavidmeister commentedHere's another example of where this is useful http://stackoverflow.com/questions/452375/detecting-https-requests-in-php
Comment #3
thedavidmeister CreditAttribution: thedavidmeister commentedThis patch might be a better approach as it would be compatible with any code anywhere checking $_SERVER['https'] (it simply sets $_SERVER['https'] to 'on' if appropriate after checking HTTP_X_FORWARDED_PROTO).
/core/vendor/zendframework/zend-feed/Zend/Feed/PubSubHubbub/AbstractCallback.php does this in _getHttpHost()
Comment #4
thedavidmeister CreditAttribution: thedavidmeister commentedComment #5
Damien Tournoud CreditAttribution: Damien Tournoud commentedSee #313145: Support X-Forwarded-* HTTP headers alternates.
Comment #6
thedavidmeister CreditAttribution: thedavidmeister commentedok, i'll take further discussion there. Thanks.