My goal is to put my ServiceStack applications behind a reverse proxy to perform SSL Offloading (Citrix NetScaler).
However, in doing so, connections coming through to my authentication endpoints will not go through a secured connection.
In JWT, there is an option to set RequireSecuredConnection to true, to make sure all requests were sent over a secure link.
In the situation above, the only way to indicate that the request was sent over an SSL connection, is by inserting the X-Forwarded-Proto header (this is an official HTTP header, just like X-Forwarded-For) between the reverse proxy and the application host.
Is it possible to detect this header so that RequireSecuredConnection can remain to be set to true, whilst checking for the value of that header? (It should always be either http or https).