From dacedda571e49593f747bb6944945c0b663bd5d8 Mon Sep 17 00:00:00 2001
From: Ben Newman <ben@meteor.com>
Date: Sat, 12 May 2018 10:50:16 -0400
Subject: [PATCH] Use HTTPS in Meteor.absoluteUrl by default if window.location
 uses HTTPS.

Another attempt to fix #9879.
---
 packages/meteor/url_common.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/packages/meteor/url_common.js b/packages/meteor/url_common.js
index f90453dfc0..89afa1cd7c 100644
--- a/packages/meteor/url_common.js
+++ b/packages/meteor/url_common.js
@@ -44,11 +44,22 @@ Meteor.absoluteUrl = function (path, options) {
 };
 
 // allow later packages to override default options
-Meteor.absoluteUrl.defaultOptions = { };
+var defaultOptions = Meteor.absoluteUrl.defaultOptions = {};
+
+// available only in a browser environment
+var location = typeof window === "object" && window.location;
+
 if (typeof __meteor_runtime_config__ === "object" &&
     __meteor_runtime_config__.ROOT_URL)
   Meteor.absoluteUrl.defaultOptions.rootUrl = __meteor_runtime_config__.ROOT_URL;
 
+// Make absolute URLs use HTTPS by default if the current window.location
+// uses HTTPS. Since this is just a default, it can be overridden by
+// passing { secure: false } if necessary.
+if (location &&
+    location.protocol === "https:") {
+  defaultOptions.secure = true;
+}
 
 Meteor._relativeToSiteRootUrl = function (link) {
   if (typeof __meteor_runtime_config__ === "object" &&