refactor: improve HTTPS detection logic by using case-insensitive comparison for X-Forwarded-Proto header

2026-04-23 09:18:51 +02:00 · 2025-11-07 15:49:51 +08:00
parent e9ac3cd1a9
commit d81521f293
3 changed files with 5 additions and 3 deletions
--- a/internal/net/gphttp/middleware/forwardauth.go
+++ b/internal/net/gphttp/middleware/forwardauth.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"net"
 	"net/http"
+	"strings"
 	"time"

 	"github.com/yusing/godoxy/internal/route/routes"
@@ -71,7 +72,7 @@ func (m *forwardAuthMiddleware) before(w http.ResponseWriter, r *http.Request) (
 	}

 	proto := "http"
-	if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
+	if r.TLS != nil || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
 		proto = "https"
 	}

--- a/internal/net/gphttp/middleware/redirect_http.go
+++ b/internal/net/gphttp/middleware/redirect_http.go
@@ -19,7 +19,7 @@ var RedirectHTTP = NewMiddleware[redirectHTTP]()

 // before implements RequestModifier.
 func (m *redirectHTTP) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
-	if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
+	if r.TLS != nil || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
 		return true
 	}