From 47d2b49e2b938a1c0c2e13830505a6d019ee65fe Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Thu, 18 Feb 2021 14:29:48 +0000
Subject: [PATCH] more login hacking

---
 synapse/http/site.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/synapse/http/site.py b/synapse/http/site.py
index 4a4fb5ef26..7421c172e4 100644
--- a/synapse/http/site.py
+++ b/synapse/http/site.py
@@ -333,14 +333,28 @@ class SynapseRequest(Request):
 
 
 class XForwardedForRequest(SynapseRequest):
-    def __init__(self, *args, **kw):
-        SynapseRequest.__init__(self, *args, **kw)
-
     """
     Add a layer on top of another request that only uses the value of an
     X-Forwarded-For header as the result of C{getClientIP}.
+
+    XXX: I think the right way to do this is with request.setHost().
     """
 
+    def __init__(self, *args, **kw):
+        SynapseRequest.__init__(self, *args, **kw)
+
+        forwarded_header = self.getHeader(b"x-forwarded-proto")
+        if forwarded_header is not None:
+            self._is_secure = forwarded_header.lower() == b"https"
+        else:
+            logger.warning(
+                "received request lacks an x-forwarded-proto header: assuming https"
+            )
+            self._is_secure = True
+
+    def isSecure(self):
+        return self._is_secure
+
     def getClientIP(self):
         """
         @return: The client address (the first address) in the value of the