From 4cf684a701fcf175bf2104bef66f91ac7549818f Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Thu, 8 May 2014 18:50:33 -0700
Subject: [PATCH] better checking for SSL servers, even though it probably
 doesn't fix the cookie bug

---
 doc/install/sample-nginx.conf | 2 ++
 index.php                     | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/doc/install/sample-nginx.conf b/doc/install/sample-nginx.conf
index cd12d8dea..ade323a4f 100644
--- a/doc/install/sample-nginx.conf
+++ b/doc/install/sample-nginx.conf
@@ -59,6 +59,8 @@ server {
   ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
   ssl_prefer_server_ciphers on;
 
+  fastcgi_param HTTPS on;
+
   index index.php;
   charset utf-8;
   root /var/www/red;
diff --git a/index.php b/index.php
index ed3c25f07..a07c1a633 100755
--- a/index.php
+++ b/index.php
@@ -63,7 +63,7 @@ if(! $a->install) {
 			((isset($arr['lifetime']))  ? $arr['lifetime'] : 60*5),
 			((isset($arr['path']))      ? $arr['path']     : '/'),
 			((isset($arr['domain']))    ? $arr['domain']   : $a->get_hostname()),
-			((isset($_SERVER['HTTPS'])) ? true             : false),
+			((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
 			((isset($arr['httponly']))  ? $arr['httponly'] : true));
 	}
 }