Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
None
Description
When NS server is sat behind a load-balancer which is terminating SSL, a redirect will end up returning the wrong scheme, probably related to this bit of code here:
The load balancer should be operating in http mode, and inserting the X-Forwarded-Proto header which indicates the client is actually talking TLS. In this case we need to return the https scheme if either the socket is TLS enabled, or the X-Forwarded-Proto header is set to https.
This may be required elsewhere too...