HTTP_X_FORWARDED_PROTO Not Consistent Anymore

We have an issue that just started the other day when Firefox released a new version. The issue disappears when we bypass Cloudflare. We started getting complaints across our properties about “too many redirect” errors from Firefox. Then we noticed someone had actually opened up a bug tracker incident with Mozilla, mentioning one of our properties:

This happens with multiple software and different type servers (apache and nginx) on our network.

We do some redirects when users are going to our login page to make sure they are using https instead of http. Part of this code depends on HTTP_X_FORWARDED_PROTO being properly set.

When using the latest version of Firefox IN A PRIVATE WINDOW, to this URL for example: (or many others in the forums) you can see the error. Refresh it a few times (soft and hard) and you will see it goes away from time to time.

When going to the login page: www DOT bigsoccer DOT com/login/ It SHOULD redirect you to the https page and it generally does the first time. Try entering the URL a second time (with http) and all of a sudden, no redirect.

In our PHP code we fire the redirect if _SERVER['HTTP_X_FORWARDED_PROTO'] == 'http' or _SERVER[‘HTTPS’] == ‘off’

The first call where everything works, shows HTTP_X_FORWARDED_PROTO as http, but the second time, it shows it as https even when it is not. It seems like something is being cached there in the request when it shouldn’t be.

Please note, this code and these properties have not changed at all in a few months. This only happens with Firefox and if we bypass Cloudflare, the issue goes away. Has something changed?

(Edited above _SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘http’ not ‘https’)

This topic was automatically closed after 14 days. New replies are no longer allowed.