Allow overload of is_ssl() via a filter

[superkus]

Hi !

Would it be possible to add the is_ssl() function to the list of functions that can be overloaded via a plug-in?

The reason for this is that in some cases where SSL Offloading is used (SSL managed by an external device to the web server, say an F5 or STunnel), the $_SERVER['HTTPS'] will be false because the web server is only listening on plain HTTP.

If we could overload this function via a plug-in, we could check other common HTTP Headers used by some devices when doing SSL Offloading, HTTP_X_FORWARDED_PROTO, HTTP_FRONT_END_HTTPS or even a custom one the sysadmin chooses to inject to the request to let the web server know if the connection is secure or not.

Related: #19337, #15733

That patch is faulty, $is_ssl will always be false due to line 3698.

patch adding apply_filters() to is_ssl()

Replying to johnbillion:

That patch is faulty, $is_ssl will always be false due to line 3698.

Ah yes, stupid error with an easy fix: fixed patch uploaded.

Might this filter be too low level for plugins to safely use? I feel like it may try to be used in place of other aspects like forcing SSL and what not, rather than for correcting the $_SERVER vars.

Chances are, someone filtering this will likely still need to forward on the remote IP and possibly the server port. And this filter does nothing for plugins checking $_SERVER['HTTPS'] on their own, which isn't "wrong" per se — is_ssl() is more of a helper function than a WordPress environment function.

I've not tested this but I wouldn't be surprised to find it possible that we call is_ssl before apply_filters is available.

I think fixing the environment in wp-config.php is probably a more reliable way to ensure this on a site by site basis.

+1 for the filtering of is_ssl().

I still don't find this to be a good idea.