+ // Note: HTTP_X_FORWARDED_PROTO could be sent from the client and
+ // therefore possibly spoofed/hackable. Thus, SquirrelMail
+ // ignores such headers by default. The administrator
+ // can tell SM to use such header values by setting
+ // $sq_ignore_http_x_forwarded_headers to boolean FALSE
+ // in config/config.php or by using config/conf.pl.
+ global $sq_ignore_http_x_forwarded_headers;
+ if ($sq_ignore_http_x_forwarded_headers
+ || !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER))
+ $forwarded_proto = '';