Fix protocol serve detection for clustered repositories that terminate HTTPS
Summary:
Ref T10927. Pretty sure the issue is:
- User makes an HTTPS request.
- Load balancer terminates it, but with an X-Forwarded-Proto header.
- secure001 (or whatever; acting as web host) proxies it to secure002 (or whatever; acting as a repository host). This connection is plain HTTP.
- Since this proxied connection is plain HTTP, we check if the repository can serve over "http", but it can't: only "https". So we fail incorrectly, even though the original user request was HTTPS.
In the long run we should probably forward the X-Forwarded-Proto header, but that has some weird implications and it's broadly fine to allow either protocol to serve as long as the other one is active: configuration like security.require-https is already stronger than these settings.
Test Plan: This is likely only observable in production, but normal cloning still works locally.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T10927
Differential Revision: https://secure.phabricator.com/D15856