Vulnerability in EPiServer.Forms
Is there a confiruation key to enable in web.config for X-Forwarded-Proto support https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto.
I know there is one for X-Forwarded-For as we have sucessfully used it in conjunction with our load balancer. Cant seem to find anything in docs when searching.
What kind of configuration are you looking for? What should it do?
Do you want to do redirects to HTTPS, when requests are HTTP?
Awareness of if the request came in on HTTP or HTTPS.
Turns out there was some issue with the way the HttpContext was being accessed in the code so even though we were sending the header it wasnt working quite as expected.
Okay. Then you are right: you don't need to make any changes to the web.config file.
If you need the HttpContext in a service class (or similar), remember that you can inject a ServiceAccessor<HttpContextBase>. It works for singleton services, as well. For controllers and views, always use the Context property of the class itself.