From 72cb2b56684fd42cfac2495b0cd879e6114858e5 Mon Sep 17 00:00:00 2001
From: Nick Troccoli <nicktroccoli28@gmail.com>
Date: Sat, 9 Jul 2016 22:12:22 -0700
Subject: [PATCH] Added https check for Heroku

---
 Parse-Dashboard/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
index 52ae619fe5..79dc8103ef 100644
--- a/Parse-Dashboard/app.js
+++ b/Parse-Dashboard/app.js
@@ -74,7 +74,7 @@ module.exports = function(config, allowInsecureHTTP) {
       req.connection.remoteAddress === '127.0.0.1' ||
       req.connection.remoteAddress === '::ffff:127.0.0.1' ||
       req.connection.remoteAddress === '::1';
-    if (!requestIsLocal && !req.secure && !allowInsecureHTTP) {
+    if (!requestIsLocal && !req.secure && req.header('x-forwarded-proto') != 'https' && !allowInsecureHTTP) {
       //Disallow HTTP requests except on localhost, to prevent the master key from being transmitted in cleartext
       return res.send({ success: false, error: 'Parse Dashboard can only be remotely accessed via HTTPS' });
     }