Request::secure() not returning true though sever is set to https

[rajanrawal]

As because not having control to set up ssl certificate, client has used https://www.cloudflare.com/ssl for ssl cerificate. My local xamp installation working fine with Request::secure(). while debugging I found locally i have set $_SERVER['HTTPS'] = on while there is no such key set on server though its https instead $_SERVER['HTTP_X_FORWARDED_PROTO'] = https. I have gone in to Illuminate\Http\Request library and landed in Symfony\Component\HttpFoundation\Request where I came to know isSecure() method by default using $_SERVER['HTTP_X_FORWARDED_PROTO'] = https. The whole game is setting up setTrustedProxies() and setTrustedHeaderName() . I have tried
Request::setTrustedHeaderName('client_proto', 'X_FORWARDED_PROTO'); though its returning false. Can you bit explore here what can be done to get Request::secure() return true if $_SERVER['HTTP_X_FORWARDED_PROTO'] = https is set. I found some solutions over here
dmikusa/cf-php-apache-buildpack#6 but want to know if other way available with laravel. Thanks!

[rajanrawal]

You need to use setTrustedProxies. isSecure() condition first check that only. otherwise it wont work. for example

$could_flare_ips = array(
       '199.27.128.0/21',
       '173.245.48.0/20'
);
Request::setTrustedProxies($could_flare_ips);

For laravel you can add this code in App::before() filter

[GrahamCampbell]

Example of doing this: https://github.com/StyleCI/StyleCI/commit/b8df8773089b4436aeb1ebc3a8bb16e4f1d9d99b.