From 091c0442e8d5d0e0641b9be51e00578b9d3220ff Mon Sep 17 00:00:00 2001
From: Lorenzo Yario
Date: Sat, 11 May 2024 04:42:45 -0700
Subject: [PATCH 1/3] allow cloudflare and other proxies to still count as https
---
 inc/functions/net.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/inc/functions/net.php b/inc/functions/net.php
index ab08c3cb..ebf578e7 100644
--- a/inc/functions/net.php
+++ b/inc/functions/net.php
@@ -6,5 +6,13 @@ namespace Vichan\Functions\Net;
 * @return bool Returns if the client-server connection is an encrypted one (HTTPS).
 */
 function is_connection_secure(): bool {
- return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+ if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+ return true;
+ }
+ elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+ return true;
+ }
+ else {
+ return false;
+ }
 }
From 273722dc7eeda8dff9d7feafe8d370d03ea461c1 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario
Date: Sat, 11 May 2024 04:45:39 -0700
Subject: [PATCH 2/3] set to false by default. this'll probably become true eventually though
---
 inc/config.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/inc/config.php b/inc/config.php
index 9568fb0d..aadc4af7 100644
--- a/inc/config.php
+++ b/inc/config.php
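Review bot: The new `elseif` branch of is_connection_secure() in inc/functions/net.php accepts `$_SERVER['HTTP_X_FORWARDED_PROTO']` from any peer, and that value is an ordinary request header, so a request that reaches the web server directly over plain HTTP can carry it and be reported as encrypted. The header only means something when a reverse proxy the operator controls overwrites it, so the branch should also require that the peer address is one of the operator's proxies, e.g. `elseif (in_array($_SERVER['REMOTE_ADDR'] ?? '', $trusted_proxies, true) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https')`, where `$trusted_proxies` is a placeholder for a setting this patch does not define. Anything that gates on this function (presumably the `secure_login_only` login check) inherits the result. The docblock opens above the hunk; its `@return` line should also state that the answer depends on a trusted proxy setting the header.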
@@ -194,9 +194,8 @@
 // Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
 $config['cookies']['httponly'] = true;
- // Do not allow logins via unencrypted HTTP. Should only be changed in testing environments or if you connect to a
- // load-balancer without encryption.
- $config['cookies']['secure_login_only'] = true;
+ // Do not allow logins via unencrypted HTTP. If your website uses HTTPS, turn this on.
+ $config['cookies']['secure_login_only'] = false;
 // Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
 $config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
From f9c54dbbbefa73b159cfa37ff883348f66481824 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario
Date: Sat, 11 May 2024 04:46:08 -0700
Subject: [PATCH 3/3] removed redundant message
---
 install.php | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/install.php b/install.php
index e21e8a30..5fac2eaf 100644
--- a/install.php
+++ b/install.php
@@ -5,11 +5,6 @@ define('VERSION', '5.2.0');
 require 'inc/bootstrap.php';
 loadConfig();
-if (!is_writable('inc/secrets.php') || !is_writable('inc/')) {
- echo 'install.php does not have permission to write to /inc/secrets.php and/or /inc/, without permission the installer cannot continue';
- exit();
-}
-
 // Salt generators
 class SaltGen {
 public $salt_length = 128;
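Review bot: In the inc/config.php hunk of patch 2/3 the shipped default for `$config['cookies']['secure_login_only']` becomes `false`, so a fresh install accepts logins over unencrypted HTTP until the operator opts in; a control like this is safer failing closed. With the proxy handling added in patch 1/3, a site behind a TLS-terminating proxy should no longer need the relaxed default, so I would keep `$config['cookies']['secure_login_only'] = true;` and let the comment say when it may be disabled. If the default does stay `false`, the comment should spell out the consequence, e.g. `// When false, logins (and the mod cookie) may be sent over unencrypted HTTP.`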