3 files changed, 25 insertions, 2 deletions

diff --git a/app/Core/Response.php b/app/Core/Response.php
index 1ccf9f5e..347cdde7 100644
--- a/app/Core/Response.php
+++ b/app/Core/Response.php
@@ -246,7 +246,7 @@ class Response
      */
     public function hsts()
     {
-        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+        if (Tool::isHTTPS()) {
             header('Strict-Transport-Security: max-age=31536000');
         }
     }
diff --git a/app/Core/Session.php b/app/Core/Session.php
index f072350d..4f44e8e0 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -35,7 +35,7 @@ class Session
             self::SESSION_LIFETIME,
             $base_path ?: '/',
             null,
-            ! empty($_SERVER['HTTPS']),
+            Tool::isHTTPS(),
             true
         );
 
diff --git a/app/Core/Tool.php b/app/Core/Tool.php
index 85b684e2..e54a0d3b 100644
--- a/app/Core/Tool.php
+++ b/app/Core/Tool.php
@@ -32,6 +32,15 @@ class Tool
         }
     }
 
+    /**
+     * Load and register a model
+     *
+     * @static
+     * @access public
+     * @param  Core\Registry    $registry    DPI container
+     * @param  string           $name        Model name
+     * @return mixed
+     */
     public static function loadModel(Registry $registry, $name)
     {
         if (! isset($registry->$name)) {
@@ -41,4 +50,18 @@ class Tool
 
         return $registry->shared($name);
     }
+
+    /**
+     * Check if the page is requested through HTTPS
+     *
+     * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
+     *
+     * @static
+     * @access public
+     * @return boolean
+     */
+    public static function isHTTPS()
+    {
+        return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
+    }
 }