我知道在旧版本中,他们已经获得了安全保障。领域,但那似乎不再存在了?还有可能找到这个吗? (2.2.1)
答案 0 :(得分:0)
根据维基百科here,这种信息作为HTTP请求标头存在事实上的标准。所以在scala中获得这个:
val x-forwarded-proto = request.headers("X-FORWARDED-PROTO")
如果此值为" https",那么"安全"。
事实上,您可以查找较旧的Play代码here(java)。
private boolean isRequestSecure() {
Header xForwardedProtoHeader = headers.get("x-forwarded-proto");
Header xForwardedSslHeader = headers.get("x-forwarded-ssl");
// Check the less common "front-end-https" header,
// used apparently only by "Microsoft Internet Security and Acceleration Server"
// and Squid when using Squid as a SSL frontend.
Header frontEndHttpsHeader = headers.get("front-end-https");
return ("https".equals(Play.configuration.get("XForwardedProto")) ||
(xForwardedProtoHeader != null && "https".equals(xForwardedProtoHeader.value())) ||
(xForwardedSslHeader != null && "on".equals(xForwardedSslHeader.value())) ||
(frontEndHttpsHeader != null && "on".equals(frontEndHttpsHeader.value().toLowerCase())));
}
奇怪的是,它再次出现在master branch上。