From 01ba0f75718c0342276cfd7b3c269f9effe5ef56 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Mon, 22 Jun 2015 13:43:02 +0100
Subject: [PATCH] Make RemoteIpValve's protocolHeaderHttpsValue configurable via the env

Closes gh-3289
---
 .../boot/autoconfigure/web/ServerProperties.java | 14 ++++++++++++++
 .../autoconfigure/web/ServerPropertiesTests.java | 3 +++
 .../asciidoc/appendix-application-properties.adoc | 1 +
 3 files changed, 18 insertions(+)

diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
index 17a9c0acc1b..eeda381f9ad 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -271,6 +271,11 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
 */
 private String protocolHeader;
+ /**
+ * Value of the protocol header that indicates that the incoming request uses SSL.
+ */
+ private String protocolHeaderHttpsValue = "https";
+
 /**
 * Name of the HTTP header used to override the original port value.
 */
@@ -400,6 +405,14 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
 this.protocolHeader = protocolHeader;
 }
+ public String getProtocolHeaderHttpsValue() {
+ return this.protocolHeaderHttpsValue;
+ }
+
+ public void setProtocolHeaderHttpsValue(String protocolHeaderHttpsValue) {
+ this.protocolHeaderHttpsValue = protocolHeaderHttpsValue;
+ }
+
 public String getPortHeader() {
 return this.portHeader;
 }
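Review bot: The Javadoc added for `protocolHeaderHttpsValue` in the @@ -271 hunk does not say which header the value is matched against or whose word is being trusted, although this property decides when a forwarded request is treated as secure. I would extend it to something like `Value of the header named by protocolHeader that marks the original request as HTTPS. Only meaningful when that header is set by a trusted front-end proxy (see internalProxies) that overwrites any client-supplied copy.` Whether the match is case-sensitive is decided inside Tomcat's RemoteIpValve and is not visible in this diff, so that is worth stating once confirmed. The same wording would fit the new appendix-application-properties.adoc entry.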
@@ -445,6 +458,7 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer, Ord
 valve.setProtocolHeader(protocolHeader);
 valve.setInternalProxies(getInternalProxies());
 valve.setPortHeader(getPortHeader());
+ valve.setProtocolHeaderHttpsValue(getProtocolHeaderHttpsValue());
 factory.addContextValves(valve);
 }
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
index 016965c72b4..2e172e82208 100644
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
@@ -165,6 +165,7 @@ public class ServerPropertiesTests {
 assertThat(valve, instanceOf(RemoteIpValve.class));
 RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
 assertEquals("x-forwarded-proto", remoteIpValve.getProtocolHeader());
+ assertEquals("https", remoteIpValve.getProtocolHeaderHttpsValue());
 assertEquals("x-forwarded-for", remoteIpValve.getRemoteIpHeader());
 String expectedInternalProxies = "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 10/8
@@ -182,6 +183,7 @@ public class ServerPropertiesTests {
 map.put("server.tomcat.protocol_header", "x-my-protocol-header");
 map.put("server.tomcat.internal_proxies", "192.168.0.1");
 map.put("server.tomcat.port-header", "x-my-forward-port");
+ map.put("server.tomcat.protocol-header-https-value", "On");
 bindProperties(map);
 TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory();
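Review bot: In the @@ -445 hunk, `valve.setProtocolHeaderHttpsValue(getProtocolHeaderHttpsValue())` hands the bound value to the valve unconditionally, and the setter added in the @@ -400 hunk accepts null or an empty string, so an environment entry such as `server.tomcat.protocol-header-https-value=` would presumably replace the "https" default with a blank. How RemoteIpValve treats a blank match value is outside this diff, but this is the value that decides whether a proxied request is marked secure, so a blank should not reach it. I would override the valve's value only when there is text: `if (StringUtils.hasText(getProtocolHeaderHttpsValue())) { valve.setProtocolHeaderHttpsValue(getProtocolHeaderHttpsValue()); }`, using Spring's `org.springframework.util.StringUtils` (add the import if the file does not already have it). The enclosing method starts before this hunk.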
@@ -192,6 +194,7 @@ public class ServerPropertiesTests {
 assertThat(valve, instanceOf(RemoteIpValve.class));
 RemoteIpValve remoteIpValve = (RemoteIpValve) valve;
 assertEquals("x-my-protocol-header", remoteIpValve.getProtocolHeader());
+ assertEquals("On", remoteIpValve.getProtocolHeaderHttpsValue());
 assertEquals("x-my-remote-ip-header", remoteIpValve.getRemoteIpHeader());
 assertEquals("x-my-forward-port", remoteIpValve.getPortHeader());
 assertEquals("192.168.0.1", remoteIpValve.getInternalProxies());
diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
index 9bd16f8277e..a74abfe5c43 100644
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -81,6 +81,7 @@ content into your application; rather pick only the properties that you need.
 169\\.254\\.\\d{1,3}\\.\\d{1,3}|\\
 127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3} # regular expression matching trusted IP addresses
 server.tomcat.protocol-header=x-forwarded-proto # front end proxy forward header
+ server.tomcat.protocol-header-https-value=https # value of the protocol header that indicates that the incoming request uses SSL
 server.tomcat.port-header= # front end proxy port header
 server.tomcat.remote-ip-header=x-forwarded-for
 server.tomcat.basedir=/tmp # base dir (usually not needed, defaults to tmp)
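Review bot: The custom-value test in the ServerPropertiesTests @@ -192 hunk only asserts the getter round-trip for a non-empty override (`"On"`, bound in the @@ -182 hunk); nothing covers `server.tomcat.protocol-header-https-value` being bound to an empty string. Since this value controls when a forwarded request is treated as HTTPS, a further case that binds the property to `""` and asserts what `remoteIpValve.getProtocolHeaderHttpsValue()` returns would pin the intended behaviour. The test method starts outside the hunk.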