effectiveScheme returns "https" if the request is genuinely on TLS or arrived through a trusted proxy that declares X-Forwarded-Proto: https. Untrusted X-Forwarded-Proto headers are ignored.
(r *http.Request)
| 242 | // arrived through a trusted proxy that declares X-Forwarded-Proto: https. |
| 243 | // Untrusted X-Forwarded-Proto headers are ignored. |
| 244 | func (s *Server) effectiveScheme(r *http.Request) string { |
| 245 | if r.TLS != nil { |
| 246 | return "https" |
| 247 | } |
| 248 | if s.peerIsTrustedProxy(r) { |
| 249 | if forwarded := strings.TrimSpace(strings.Split(r.Header.Get("X-Forwarded-Proto"), ",")[0]); forwarded != "" { |
| 250 | return strings.ToLower(forwarded) |
| 251 | } |
| 252 | } |
| 253 | if s.currentConfig().BehindTLS { |
| 254 | return "https" |
| 255 | } |
| 256 | return "http" |
| 257 | } |
| 258 | |
| 259 | func (s *Server) requestOrigin(r *http.Request) string { |
| 260 | scheme := s.effectiveScheme(r) |
no test coverage detected