From ba9f4461d8935bb9de256a5bedf0c89d3d317c7f Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 8 Mar 2016 19:00:04 +0100
Subject: Secure cookie HTTPS

---
 lib/Minz/Request.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

(limited to 'lib/Minz/Request.php')

diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index effb9943c..81457df9e 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -84,6 +84,17 @@ class Minz_Request {
 		self::magicQuotesOff();
 	}
 
+	/**
+	 * Return true if the request is over HTTPS, false otherwise (HTTP)
+	 */
+	public static function isHttps() {
+		if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+			return strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
+		} else {
+			return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+		}
+	}
+
 	/**
 	 * Try to guess the base URL from $_SERVER information
 	 *
@@ -92,11 +103,7 @@ class Minz_Request {
 	public static function guessBaseUrl() {
 		$url = 'http';
 
-		if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
-			$https = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
-		} else {
-			$https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
-		}
+		$https = self::isHttps();
 
 		if (!empty($_SERVER['HTTP_HOST'])) {
 			$host = $_SERVER['HTTP_HOST'];
-- 
cgit v1.2.3