Hey guys,
I am playing around with some HTTP2 features like HTTP/2 Push.
I want to check in my code if the request is via HTTPS and HTTP/2 to decide if I have to add the Link
-Header or not.
We are using a Proxy to terminate SSL (as many of you probably do with cloudflare, e.g. I think?) and internally we are using HTTP. Thus there are several standards to tell other servers the original protocol, e.g.
There are “X-Forwarded-Proto” for the protocol (http/https) and several other “X-Forwarded-*” Headers to map. Ive recently contributed the “X-Forwarded-Host” to laminas-diactoros but there is absolutely no way to see if the original request is HTTP/2 or not.
Thus, I searched for a header where this information could be found. And voila, some proxies (mostly public ones) are providing a “Via”-Header where the version can be found.
However, there should be a way to trust some proxies and ignore the others (thus to ensure that we are not passing the protocol version of a proxy which is not in our hands.
Does anyone have an idea if and if so, how I should implement this in both laminas-http and laminas-diactoros without introducing breaking changes, e.g.
Would love to get feedback here.