From 745ec80652696045af0f074a6ea63cf384a73641 Mon Sep 17 00:00:00 2001
From: Ben Harris <mail@bharr.is>
Date: Mon, 12 Oct 2015 11:23:46 +1100
Subject: [PATCH] Support SSL offloading

This adds a TRUSTED_PROXIES environment variable that enables the `Request::secure()` method to correctly and securely identify when a connection is passing through a SSL offloading frontend.
---
 app/Http/Middleware/StartupCheck.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/Http/Middleware/StartupCheck.php b/app/Http/Middleware/StartupCheck.php
index b00496f2ed4d..164bb38da5d4 100644
--- a/app/Http/Middleware/StartupCheck.php
+++ b/app/Http/Middleware/StartupCheck.php
@@ -25,6 +25,13 @@ class StartupCheck
      */
     public function handle($request, Closure $next)
     {
+        // Set up trusted X-Forwarded-Proto proxies
+        // TRUSTED_PROXIES accepts a comma delimited list of subnets
+        //
+        // TRUSTED_PROXIES='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
+        if (isset($_ENV['TRUSTED_PROXIES'])) {
+            Request::setTrustedProxies(array_map('trim',explode(",",env('TRUSTED_PROXIES'))));
+        }
         // Ensure all request are over HTTPS in production
         if (App::environment() == ENV_PRODUCTION && !Request::secure()) {
             return Redirect::secure(Request::getRequestUri());