Allow overload of is_ssl() via a filter
|Reported by:||superkus||Owned by:|
Would it be possible to add the is_ssl() function to the list of functions that can be overloaded via a plug-in?
The reason for this is that in some cases where SSL Offloading is used (SSL managed by an external device to the web server, say an F5 or STunnel), the $_SERVER['HTTPS'] will be false because the web server is only listening on plain HTTP.
If we could overload this function via a plug-in, we could check other common HTTP Headers used by some devices when doing SSL Offloading, HTTP_X_FORWARDED_PROTO, HTTP_FRONT_END_HTTPS or even a custom one the sysadmin chooses to inject to the request to let the web server know if the connection is secure or not.
Change History (11)
- Keywords 2nd-opinion added
- Milestone changed from Future Release to Awaiting Review