From 235cd9df826849d51d47528026ffdb9ca88f8df4 Mon Sep 17 00:00:00 2001
From: leonklingele <git@leonklingele.de>
Date: Mon, 14 Nov 2022 08:32:48 +0100
Subject: [PATCH] ctx: simplify Protocol() (#2217)

* ctx: simplify Protocol()

* ctx: also mention "X-Url-Scheme" header in Protocol()

* ctx: use the same warning comment about enabling Config.EnableTrustedProxyCheck everywhere
---
 ctx.go | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/ctx.go b/ctx.go
index 4fb70947..9fb8404a 100644
--- a/ctx.go
+++ b/ctx.go
@@ -1040,28 +1040,25 @@ func (c *Ctx) Path(override ...string) string {
 }
 
 // Protocol contains the request protocol string: http or https for TLS requests.
-// Use Config.EnableTrustedProxyCheck to prevent header spoofing, in case when your app is behind the proxy.
+// Please use Config.EnableTrustedProxyCheck to prevent header spoofing, in case when your app is behind the proxy.
 func (c *Ctx) Protocol() string {
 	if c.fasthttp.IsTLS() {
 		return "https"
 	}
-	scheme := "http"
 	if !c.IsProxyTrusted() {
-		return scheme
+		return "http"
 	}
+
+	scheme := "http"
 	c.fasthttp.Request.Header.VisitAll(func(key, val []byte) {
 		if len(key) < 12 {
-			return // X-Forwarded-
-		} else if bytes.HasPrefix(key, []byte("X-Forwarded-")) {
-			v := c.app.getString(val)
-			if bytes.Equal(key, []byte(HeaderXForwardedProto)) {
-				commaPos := strings.Index(v, ",")
-				if commaPos != -1 {
-					scheme = v[:commaPos]
-				} else {
-					scheme = v
-				}
-			} else if bytes.Equal(key, []byte(HeaderXForwardedProtocol)) {
+			return // Neither "X-Forwarded-" nor "X-Url-Scheme"
+		}
+		switch {
+		case bytes.HasPrefix(key, []byte("X-Forwarded-")):
+			if bytes.Equal(key, []byte(HeaderXForwardedProto)) ||
+				bytes.Equal(key, []byte(HeaderXForwardedProtocol)) {
+				v := c.app.getString(val)
 				commaPos := strings.Index(v, ",")
 				if commaPos != -1 {
 					scheme = v[:commaPos]
@@ -1071,7 +1068,8 @@ func (c *Ctx) Protocol() string {
 			} else if bytes.Equal(key, []byte(HeaderXForwardedSsl)) && bytes.Equal(val, []byte("on")) {
 				scheme = "https"
 			}
-		} else if bytes.Equal(key, []byte(HeaderXUrlScheme)) {
+
+		case bytes.Equal(key, []byte(HeaderXUrlScheme)):
 			scheme = c.app.getString(val)
 		}
 	})