From 183cafabf14786531bfd08720853271c14e999a3 Mon Sep 17 00:00:00 2001
From: Kyle Gann <kylegann@gmail.com>
Date: Fri, 20 Feb 2015 16:42:50 -0500
Subject: [PATCH] Make forwarded scheme handle comma separated schemes

---
 src/ring/middleware/ssl.clj       | 4 +++-
 test/ring/middleware/ssl_test.clj | 7 ++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/ring/middleware/ssl.clj b/src/ring/middleware/ssl.clj
index 8a0f4f0..38dc80a 100644
--- a/src/ring/middleware/ssl.clj
+++ b/src/ring/middleware/ssl.clj
@@ -20,7 +20,9 @@
      (fn [req]
        (let [header  (str/lower-case header)
              default (name (:scheme req))
-             scheme  (str/lower-case (get-in req [:headers header] default))]
+             scheme  (-> (get-in req [:headers header] default)
+                         (str/split #",")
+                         last str/trim str/lower-case)]
          (assert (or (= scheme "http") (= scheme "https")))
          (handler (assoc req :scheme (keyword scheme)))))))
 
diff --git a/test/ring/middleware/ssl_test.clj b/test/ring/middleware/ssl_test.clj
index cc0810c..478ea92 100644
--- a/test/ring/middleware/ssl_test.clj
+++ b/test/ring/middleware/ssl_test.clj
@@ -19,7 +19,12 @@
           (is (= (:body response) "https")))
         (let [response (handler (-> (request :get "https://localhost/")
                                     (header "x-forwarded-proto" "http")))]
-          (is (= (:body response) "http")))))
+          (is (= (:body response) "http"))))
+
+      (testing "comma separated header"
+        (let [response (handler (-> (request :get "/")
+                                    (header "x-forwarded-proto" "http, https")))]
+          (is (= (:body response) "https")))))
 
     (testing "custom header"
       (let [handler  (wrap-forwarded-scheme handler "X-Foo")