Forum OpenACS Development: Security Locations Does Not Address Main Subsite HTTPS with SSL Proxy

If you are using nginx, for example, to proxy SSL, security::locations will not return https://mysite.com as a valid internal URL and if some legacy code uses get_referrer to generate a return_url, the redirect will fail.

It seems like security::locations should correctly return an HTTPS URL for the main subsite if you are proxying SSL, so I created a fix that checks for the proxy parameter:

diff --git a/packages/acs-tcl/tcl/security-procs.tcl b/packages/acs-tcl/tcl/security-procs.tcl
index 39ff0f6..d8a88fe 100644
--- a/packages/acs-tcl/tcl/security-procs.tcl
+++ b/packages/acs-tcl/tcl/security-procs.tcl
@@ -1776,8 +1776,14 @@ ad_proc -public security::locations {} {
     lappend locations $insecure_location
     # if we have a secure location, add it
     set host_map_https_port ""
+    set proxy_ssl_p false
+    if { [ns_config "ns/parameters" ReverseProxyMode] == "true" } {
+        if { [ns_set iget [ad_conn headers] X-Forwarded-For] != ""  && [ns_set iget [ad_conn headers] X-SSL-Request] ==
+            set proxy_ssl_p true
+        }
+    }

- if { $sdriver ne "" } { + if { $sdriver ne "" || $proxy_ssl_p} { set secure_location "https://${host_name}"; if {$secure_port ne "" && $secure_port ne "443"} { append secure_location ":$secure_port"
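
Review bot: The `proxy_ssl_p` block decides that the site has an https location from the `X-Forwarded-For` and `X-SSL-Request` request headers, and the only gate is `ReverseProxyMode`, so any request that reaches the backend with those headers set is treated the same as one coming through the proxy. Since the result feeds the list of locations accepted as valid internal URLs, it would be safer to derive the secure location from server-side configuration, or at least to document that the proxy must overwrite both headers on every request. Separately, the `X-SSL-Request` comparison ends at `==` with no right-hand operand or closing brace, so the hunk as posted will not parse, and the visible lines do not set `secure_port` for the proxy-only case where `$sdriver` is empty.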

Sounds reasonable. I would recommend using a multi-line if condition instead of the nested if to make the intention clearer, and using non-numeric comparison operators to avoid surprises. The X-SSL-Request part is truncated, maybe a cut&paste problem.

An open issue is the secure port, if this is not 443. One probably needs the SystemURL kernel parameter in the proxy cases to contain the https://host:port, so why not use this?