SSL Not properly detected on Heroku


I work alot with Facebook, and like it’s integration with heroku. I ran into a problem that took me quite a while to figure out.

I use $this->redirect(’/module/controller/action’) to go from one module to another.

Apperently when the first char is a ‘/’. Yii prepends HostInfo, which checks for a secure connection through $_SERVER[‘HTTPS’].

	public function getIsSecureConnection()


		return isset($_SERVER['HTTPS']) && !strcasecmp($_SERVER['HTTPS'],'on');


Heroku doesn’t have that property. Instead it uses


So yii appends a and breaks the ssl connection. Since facebook users can have a http connection alsoo, I cannot force https in every url.

I was wondering: What is a good way to overwrite the way how Yii detects what type of protocol the server is on. A way which would allow me to work a normal natural way (using $this->redirect // CController::redirect // yii->app()->request->redirect). Can you extend CHTTPRequest and overwrite getIsSecureConnection before the app has started (so it bubbles down to all existing modules)

The simplest solution that I can think of is to add some custom check to the index.php and set the $_SERVER[‘HTTPS’] to true or false…

created bug #3131

-edit- qiang rejected it, suggesting the same workaround as mdomba

I’ve created a support ticket at Heroku to supply the proper $_SERVER[‘HTTPS’] property

-edit- Heroku fixed it :)

Thanks for the tip! I’ll probally put this in a config/helper file for reusability.

This is btw not only a heroku problem but rather a proxy webhost. I found a simular thread with Zend framework

A user stated that checking on HTTP_X_FORWARDED_PROTO is not secure, because it could be send by the user as a header.

As I’m not that concerned about security (its not like Im transferring creditcards/passwords etc), but rather following Facebooks rule that every APP must use SSL, I’ll probally use the tip mdomba gave