Get user intended scheme
-
Suppose, I am an ultra-noob user who recently started using CF just for Flexible SSL, do not know about updating http to https in General setting.
I started setting up this plugin, later I came to know my page rule uses http:// instead of https:// to avoid this case… how about focusing user-intent than General Settings?
/** * * #1. We may not rely on URL of WordPress General Settings * ---------------------------------------------------------------- * * Case 1: Some beginner using Flexible SSL * may have http:// not https:// in the settings * to avoid instant redirect-loop or by mistake ignored. * * * While maintaning HTTPS and avoiding Redirect Loop is possible * * if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on'; * * But we dont know about a user site condition. * * Case 2: At RC, after one-click WP installation and cert installation... * * It does not automatically force HTTPS in General settings nor hint. * So, It's easy to forget and assume everything is set. * * * #2. Well, I cannot recommend $_SERVER[REQUEST_SCHEME] due prev ver OLS * ---------------------------------------------------------------------- * * OLS < 1.5.11 which comes at one-click installer in DO doesn't support it. * https://openlitespeed.org/release-log/legacy-releases/ * * * ============ SOLUTION ============ * If user can access WordPress over HTTPS, assume that 100% intent is HTTPS. * That SCHEME can be used in the Page Rule which set Cache Level: Everything * * * */ function get_request_scheme() { if ( isset( $_SERVER['REQUEST_SCHEME'] ) && ( $_SERVER['REQUEST_SCHEME'] == 'https' )) { return 'https'; } if ( !empty( $_SERVER['HTTP_X_PROTO'] ) && ( $_SERVER['HTTP_X_PROTO'] == 'SSL' ) ) { return 'https'; } if ( isset( $_SERVER['SERVER_PORT'] ) && ( $_SERVER['SERVER_PORT'] == '443' ) ) { return 'https'; } if ( isset( $_SERVER['HTTPS'] ) && ( strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1' ) ) { return 'https'; } if ( !empty( $_SERVER['HTTP_X_FORWARDED_SSL'] ) && ( $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on' ) ) { return 'https'; } if ( !empty( $_SERVER['HTTP_X_FORWARDED_SSL'] ) && ( $_SERVER['HTTP_X_FORWARDED_SSL'] == '1' ) ) { return 'https'; } if ( !empty( $_SERVER['HTTP_X_PROTO'] ) && ( $_SERVER['HTTP_X_PROTO'] == 'SSL' ) ) { return 'https'; } if ( !empty( $_SERVER['HTTP_CF_VISITOR'] ) && ( strpos( $_SERVER['HTTP_CF_VISITOR'], 'https' ) !== false ) ) { return 'https'; } if ( !empty( $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] ) && ( $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https' ) ) { return 'https'; } if ( isset( $_ENV['HTTPS'] ) && ( $_ENV['HTTPS'] == 'on') ) { return 'https'; } return "http"; }
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Get user intended scheme’ is closed to new replies.