From b16c0937f96d7240e2c04d7fccb04ca8b42b956d Mon Sep 17 00:00:00 2001
From: lars <lars@systemausfall.org>
Date: Wed, 13 Dec 2006 13:37:38 +0000
Subject: [PATCH] improved ssl-check

---
 src/cryptobox/web/sites.py | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/cryptobox/web/sites.py b/src/cryptobox/web/sites.py
index a0270c4..a16513b 100644
--- a/src/cryptobox/web/sites.py
+++ b/src/cryptobox/web/sites.py
@@ -408,18 +408,13 @@ class WebInterfaceSites:
 		if cherrypy.request.scheme == "https":
 			return True
 		## check an environment setting - this is quite common behind proxies
-		try:
-			if os.environ["HTTPS"]:
-				return True
-		except KeyError:
-			## check http header for ssl information
-			#TODO: (check pound for the name)
-			try:
-				if cherrypy.request.headers["XXX"]:
-					return True
-			except KeyError:
-				## the connection seems to be unencrypted
-				return False
+		if os.environ.has_key("HTTPS"):
+			return True
+		## this arbitrarily chosen header must be documented in README.proxy
+		#TODO: check http://jamesthornton.com/writing/openacs-pound.html for this
+		if cherrypy.request.headers.has_key("X-SSL-Request") \
+				and (cherrypy.request.headers["X-SSL-Request"] == "1"):
+			return True
 
 
 	def __set_web_lang(self, value):