This snippet configures proper detection of the http/https channel security by a Grails 2.3.2 application using the (latest) Spring Security 2.0-RC2 grails plugin. This configuration resides-in grails-app/conf/Config.groovy.
// belongs in 'production' environment block or guarded by, e.g. a System.property-check.
// [heroku] proxy support -- allow SSL to be terminated at the load balancer / proxy
// look for X-FORWARDED-PROTO (case-sensitive)
// https://discussion.heroku.com/t/grails-spring-security-core-securechannel-definition-causes-redirect-loop/219/2