Not planned Suggestion: make "base href" less intelligent

This is a suggestion for future versions:

Xenforo is smart enough to figure-out if the server that it resides on is sending pages via http or https, and changes the base href accordingly.

But for servers behind certain load balancers or cloudflare, the servers may be sending information to the load balancers or cloudflare as http port 80 traffic, then it is 'converted' to SSL https port 443 traffic. The origin servers don't have a way to recognize that the end browser is receiving https traffic, not http traffic.

It could be fixed with .htaccess code modification, but it would be simpler if xenforo followed the http or https entered in Options > Basic Board Information > Board URL.


XenForo developer
Staff member
There are more things that change based on whether or not the access is via SSL -- cookie "secure" settings being a good example.

The problem with being "less intelligent" is that then it makes it easy to screw up. You enter the URL as http and access via https and you'll get things served insecurely; if you enter https and access via http, you'd get cookies set that you couldn't use (and thus couldn't login).

For your situation, it really seems like manipulating state via config.php is safer and more explicit.