TYPO3 Core

If you have a Website behind a proxy like Varnish and every connection goes to TYPO3 with http://. The scheme based redirect will not work, even if TYPO3 recognizes the connection as a HTTPS, beacuse the TYPO3_SSL enviroment variable is not used.

The problem is the test ist based only on the requested schema.

TypoScriptFrontendController.php:1466

 if ((int)$this->page['url_scheme'] === HttpUtility::SCHEME_HTTP && $requestUrlScheme == 'https') {
         $newUrl = 'http://' . substr(GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'), 8);
 } elseif ((int)$this->page['url_scheme'] === HttpUtility::SCHEME_HTTPS && $requestUrlScheme == 'http') {
         $newUrl = 'https://' . substr(GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'), 7);
 }

It should be something like that:

if ((int)$this->page['url_scheme'] === HttpUtility::SCHEME_HTTP && GeneralUtility::getIndpEnv('TYPO3_SSL') === TRUE) {
     $newUrl = 'http://' . substr(GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'), 8);
} elseif ((int)$this->page['url_scheme'] === HttpUtility::SCHEME_HTTPS && GeneralUtility::getIndpEnv('TYPO3_SSL') === FALSE) {
     $newUrl = 'https://' . substr(GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL'), 7);
 }

I found this in 6.2, but it is the same in 8.4-dev