support SSLOffloading by load balancer
under load balancing, we cannot use the fact that we have an ssl context to decide we redirect to ssl.
We need to trust the X-Forwarded-Proto header
if it does not exist or is malformed, we then use the ssl context heuristic to decide we are https
At the moment, only tested under acceptance tests.
-
Test it in real condition
Fixes: #202 (closed)
Edited by Pierre Tardy