Add trust-x-forwarded-proto settings

doc/admin/config.rst

@@ -90,6 +90,11 @@ Example::
     proxy that actively removes and re-adds the header to make sure the correct client IP is the first value.
     Defaults to ``off``.
 
+``trust_x_forwarded_proto``
+    Specifies whether the ``X-Forwarded-Proto`` header can be trusted. Only set to ``on`` if you have a reverse
+    proxy that actively removes and re-adds the header to make sure the correct client IP is the first value.
+    Defaults to ``off``.
+
 
 Locale settings
 ---------------

doc/admin/installation/docker_smallscale.rst

@@ -125,6 +125,8 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
     ; DO NOT change the following value, it has to be set to the location of the
     ; directory *inside* the docker container
     datadir=/data
+    trust_x_forwarded_for=on
+    trust_x_forwarded_proto=on
 
     [database]
     ; Replace postgresql with mysql for MySQL

doc/admin/installation/manual_smallscale.rst

@@ -85,6 +85,8 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
     url=https://pretix.mydomain.com
     currency=EUR
     datadir=/var/pretix/data
+    trust_x_forwarded_for=on
+    trust_x_forwarded_proto=on
 
     [database]
     ; For MySQL, replace with "mysql"

src/pretix/settings.py

@@ -134,6 +134,9 @@ CSRF_TRUSTED_ORIGINS = [urlparse(SITE_URL).hostname]
 
 TRUST_X_FORWARDED_FOR = config.get('pretix', 'trust_x_forwarded_for', fallback=False)
 
+if config.get('pretix', 'trust_x_forwarded_proto', fallback=False):
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 PRETIX_PLUGINS_DEFAULT = config.get('pretix', 'plugins_default',
                                     fallback='pretix.plugins.sendmail,pretix.plugins.statistics,pretix.plugins.checkinlists,pretix.plugins.autocheckin')
 PRETIX_PLUGINS_EXCLUDE = config.get('pretix', 'plugins_exclude', fallback='').split(',')