From a0dd416e8a4ff6365df042474c34ace4243a1467 Mon Sep 17 00:00:00 2001
From: Markus Heiser <markus.heiser@darmarIT.de>
Date: Sun, 10 Aug 2025 11:08:57 +0200
Subject: [PATCH] [fix] use X-Forwarded-Proto header if the URL scheme is
 unknown (#5106)

The HTTP X-Forwarded-Proto (XFP) request header is a de-facto standard header
for identifying the protocol (HTTP or HTTPS) that a client used to connect to a
proxy or load balancer.[1]

In our documentation[2] we recommend to set the `X-Scheme` header. This header
is not required if the `server.base_url` is set correctly.[3]

If none of these URL scheme details exist, then the header X-Forwarded-Proto is
evaluated as a third alternative.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Forwarded-Proto
[2] https://docs.searxng.org/admin/installation-apache.html#apache-s-searxng-site
[3] https://docs.searxng.org/admin/settings/settings_server.html

Closes: https://github.com/searxng/searxng/issues/5105
---
 searx/flaskfix.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/searx/flaskfix.py b/searx/flaskfix.py
index 4282824a3..cb2d87d44 100644
--- a/searx/flaskfix.py
+++ b/searx/flaskfix.py
@@ -59,7 +59,7 @@ class ReverseProxyPathFix:
             if path_info.startswith(script_name):
                 environ['PATH_INFO'] = path_info[len(script_name) :]
 
-        scheme = self.scheme or environ.get('HTTP_X_SCHEME', '')
+        scheme = self.scheme or environ.get('HTTP_X_SCHEME') or environ.get('HTTP_X_FORWARDED_PROTO')
         if scheme:
             environ['wsgi.url_scheme'] = scheme