Thanks for the suggestions!
Unfortunately, I need to generate an absolute URL because it's being passed to Google as a callback for OAuth.
Would you accept a patch request that adds a configuration for "passenger_wsgi_url_scheme_http_header" and its associated value (similar to gunicorn) if the default behavior was to do nothing (i.e. no decision on setting wsgi.url_scheme based on forwarded headers by default)?
From the gunicorn doc warning you cited:
>It is important that your front-end proxy configuration ensures that the headers defined here can not be passed directly from the client.
The ELB docs seem to indicate that it will set the X-Forwarded-Proto header regardless of any malicious clients, but I might have to do some testing to validate that. If this is true and we can trust the ELB, then I think we have a valid use case for configuring Passenger (without hacking) to set the wsgi.url_scheme based on the header.
Can't think of a more elegant solution right now, but the user story is pretty specific. I guess I'll stick with the hack for now, and I would rather hack the application than Passenger itself. Thanks for the suggestion!
Please let me know what you think of my proposal for a new config option (at least for the nginx + Python stack specifically.)
Best,
Ian