Use https in RDAP URLs provided (#2807)

gbrodman · web-flow · commit 16859bb36ab0 · 2025-08-20T14:15:54.000Z
Load balancer / internal redirections can result in the final request
URL lacking "https" when finally getting to the servlet. As a result,
even if you use https in the request, the resulting URL can be plain
http.

We need to include the actual (HTTPS) URL in the output, so replace it.
diff --git a/core/src/main/java/google/registry/request/RequestModule.java b/core/src/main/java/google/registry/request/RequestModule.java
@@ -135,7 +135,8 @@ AuthResult provideAuthResult() {
   @Provides
   @RequestUrl
   static String provideRequestUrl(HttpServletRequest req) {
-    return req.getRequestURL().toString();
+    String url = req.getRequestURL().toString();
+    return url.startsWith("https") ? url : url.replaceFirst("http", "https");
   }
 
   @Provides

Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,8 @@ AuthResult provideAuthResult() {`
`135`	`135`	`@Provides`
`136`	`136`	`@RequestUrl`
`137`	`137`	`static String provideRequestUrl(HttpServletRequest req) {`
`138`		`- return req.getRequestURL().toString();`
	`138`	`+ String url = req.getRequestURL().toString();`
	`139`	`+ return url.startsWith("https") ? url : url.replaceFirst("http", "https");`
`139`	`140`	`}`
`140`	`141`
`141`	`142`	`@Provides`