Merge branch '4.x' into 4.next

Author: markstory

config/.env.example

@@ -5,10 +5,10 @@
 # environment.
 #
 # Having this file in production is considered a **SECURITY RISK** and also decreases
-# the boostrap performance of your application.
+# the bootstrap performance of your application.
 #
 # To use this file, first copy it into `config/.env`. Also ensure the related
-# code block for loading this file is uncommented in `config/boostrap.php`
+# code block for loading this file is uncommented in `config/bootstrap.php`
 #
 # In development .env files are parsed by PHP
 # and set into the environment. This provides a simpler

config/bootstrap.php

@@ -138,8 +138,18 @@
  */
 $fullBaseUrl = Configure::read('App.fullBaseUrl');
 if (!$fullBaseUrl) {
+    /*
+     * When using proxies or load balancers, SSL/TLS connections might
+     * get terminated before reaching the server. If you trust the proxy,
+     * you can enable `$trustProxy` to rely on the `X-Forwarded-Proto`
+     * header to determine whether to generate URLs using `https`.
+     *
+     * See also https://book.cakephp.org/4/en/controllers/request-response.html#trusting-proxy-headers
+     */
+    $trustProxy = false;
+
     $s = null;
-    if (env('HTTPS')) {
+    if (env('HTTPS') || ($trustProxy && env('HTTP_X_FORWARDED_PROTO') === 'https')) {
         $s = 's';
     }