fixed redirect loop on reverse Proxies (at least Caddy)

[Thomas131]

Here, I check, if the HTTP_X_FORWARDED_PROTO-Header was set. If yes, the protocol specified here is used for building the current URL. The patch was successfully tested on a Webserver with Caddy as reverse Proxy. It should also work on CF and most other reverse Proxies.

This fixes #48.

Sorry, if I did something wrong, I am not experienced with Pull Requests ...

[frostschutz]

Sorry for the long silence.

I will add support for HTTP_X_FORWARDED_PROTO but I plan to make it optional (as a setting).

This redirect code was written a long time ago, when we didn't have cloudflare, or free letsencrypt https certificates for everyone. Nowadays every new site has https and already global http <-> https redirects in place, so perhaps it's time for Google SEO to stop even trying to do http <-> https redirects by itself, since it's safe to assume it will already be taken care of by the webserver.

So I think I will change it so that by default, no https redirect will take place, but users can optionally select for HTTP_X_FORWARDED_PROTO, or regular HTTPS header to be used (current workaround is to just SetEnv HTTPS 1 in the .htaccess). And if there are other relevant headers in the future they could be added to the list of options.