From eca6db53b761c46e9cc004bd4d832fd9a1e7fbf5 Mon Sep 17 00:00:00 2001
From: Andreas Hackl <a@r0.at>
Date: Sat, 8 Jun 2024 16:04:39 +0200
Subject: [PATCH] add FORCE_HTTPS config option

$_SERVER['HTTPS'] is "the" automagic way of handling this, and *does*
work behind reverse proxies and stuff, but can admittedly be a pain to
configure correctly.

Handling X-Forwarded-Proto and friends in code instead of the webserver
config is a can of worms too (spoofing concerns), so I'm not gonna touch
that and add this explicit override instead.

part of #29
---
 index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/index.php b/index.php
index a09c7f8..54e2f79 100755
--- a/index.php
+++ b/index.php
@@ -16,11 +16,13 @@ class CONFIG
     const EXTERNAL_HOOK = null; //external program to call for each upload
     const AUTO_FILE_EXT = false; //automatically try to detect file extension for files that have none
 
+    const FORCE_HTTPS = false; //force generated links to be https://
+
     const ADMIN_EMAIL = 'admin@example.com';  //address for inquiries
 
     public static function SITE_URL() : string
     {
-        $proto = ($_SERVER['HTTPS'] ?? 'off') == 'on' ? 'https' : 'http';
+        $proto = ($_SERVER['HTTPS'] ?? 'off') == 'on' || CONFIG::FORCE_HTTPS ? 'https' : 'http';
         return "$proto://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
     }
 };