From 16859bb36ab09ffd37d443d60e8bf218bd26f5fb Mon Sep 17 00:00:00 2001
From: gbrodman <gbrodman@google.com>
Date: Wed, 20 Aug 2025 10:15:54 -0400
Subject: [PATCH] Use https in RDAP URLs provided (#2807)

Load balancer / internal redirections can result in the final request
URL lacking "https" when finally getting to the servlet. As a result,
even if you use https in the request, the resulting URL can be plain
http.

We need to include the actual (HTTPS) URL in the output, so replace it.
---
 core/src/main/java/google/registry/request/RequestModule.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/google/registry/request/RequestModule.java b/core/src/main/java/google/registry/request/RequestModule.java
index eb843bfb1..d31e6917a 100644
--- a/core/src/main/java/google/registry/request/RequestModule.java
+++ b/core/src/main/java/google/registry/request/RequestModule.java
@@ -135,7 +135,8 @@ public final class RequestModule {
   @Provides
   @RequestUrl
   static String provideRequestUrl(HttpServletRequest req) {
-    return req.getRequestURL().toString();
+    String url = req.getRequestURL().toString();
+    return url.startsWith("https") ? url : url.replaceFirst("http", "https");
   }
 
   @Provides