On Tue Apr 27, 2021 at 4:55 PM EDT, Stuart Henderson wrote: > It's the other way round, this (or proto= in the newer standardised > Forwarded header) would be set by a reverse proxy to indicate the > protocol that the client request came in on so that something running on > the webserver could react accordingly (either in URL construction or to > issue a redirect to https if wanted).
Yeah - out in the wild, reverse proxies rewrite Location themselves (in potentially more complicated ways, because whatever they're proxying might think it's http://web-internal-123:8888). E.g., nginx proxy_pass does this, and it can be manually changed with proxy_redirect. What I don't think nginx does is rewrite its own Location headers based on incoming forwarding headers, like this diff does. If I generate a 301 from nginx over nc with X-Forwarded-Proto: https, the Location it gives me starts with http://. It can probably be *configured* to do it somehow, it's a behemoth.
