From c242f5a2abf4b99b0da205473cbba034f306bfe2 Mon Sep 17 00:00:00 2001
From: Erik Huelsmann <ehuels@gmail.com>
Date: Thu, 16 Sep 2021 23:36:11 +0200
Subject: [PATCH] Use HTTPS environment setting to detect https connections

the ReverseProxy module doesn't rewrite SERVER_PROTOCOL but it does
change HTTPS based on X-Forwarded-* headers.
---
 lib/LedgerSMB/Middleware/AuthenticateSession.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/LedgerSMB/Middleware/AuthenticateSession.pm b/lib/LedgerSMB/Middleware/AuthenticateSession.pm
index 8dbcacddd6..063e444153 100644
--- a/lib/LedgerSMB/Middleware/AuthenticateSession.pm
+++ b/lib/LedgerSMB/Middleware/AuthenticateSession.pm
@@ -209,7 +209,7 @@ sub call {
     $dbh->rollback;
     $dbh->disconnect;
 
-    my $secure = ($env->{SERVER_PROTOCOL} eq 'https') ? '; Secure' : '';
+    my $secure = ($env->{HTTPS} eq 'ON') ? '; Secure' : '';
     my $path = LedgerSMB::PSGI::Util::cookie_path($env->{SCRIPT_NAME});
     return Plack::Util::response_cb(
         $res, sub {