From 0f13b6c01df86b62465a4e4c4bbdbd95b8614527 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20B=C3=B6sche?= <leonboesche1999@gmail.com>
Date: Sat, 10 Jan 2026 15:58:14 +0100
Subject: [PATCH] Fix HTTPS scheme detection using X-Forwarded-Proto header

---
 go_cloud/internal/http/routes.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/go_cloud/internal/http/routes.go b/go_cloud/internal/http/routes.go
index f1aaf55..7135e87 100644
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -367,7 +367,9 @@ func viewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB, audi
 
 	// Build download URL with proper URL encoding using the request's scheme and host
 	scheme := "https"
-	if r.TLS == nil {
+	if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
+		scheme = proto
+	} else if r.TLS == nil {
 		scheme = "http"
 	}
 	host := r.Host
@@ -431,7 +433,9 @@ func userViewerHandler(w http.ResponseWriter, r *http.Request, db *database.DB,
 
 	// Build download URL with proper URL encoding using the request's scheme and host
 	scheme := "https"
-	if r.TLS == nil {
+	if proto := r.Header.Get("X-Forwarded-Proto"); proto != "" {
+		scheme = proto
+	} else if r.TLS == nil {
 		scheme = "http"
 	}
 	host := r.Host