Saturday, October 25, 2014

Detecting SSL in PHP on Heroku

In order to have a certified connection, websites would like to the user to use HTTPS instead of HTTP. However, sometimes we can't control what's the URL that the user request, which means that the user may ask for http://facebook.com instead of https://facebook.com.

So, to solve this problem, we detect that if the user is requesting HTTP URLs. And, if yes, response 301 to the user to ask him to redirect to our HTTPS site.

Normal, if we implement it in PHP, add the following code in the front of the file:


However, on Heroku, they don't have $_SERVER['HTTPS'] but $_SERVER['HTTP_X_FORWARDED_PROTO']) instead. So, we do: