Fix #36461: allow to force redirects to use https (!78)

LEDfan · LEDfan · commit a8c29fef1352 · 2026-03-10T08:25:46.000Z
Reviewed-on: https://scm.openanalytics.eu/git/containerproxy/pulls/78
diff --git a/src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java b/src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java
@@ -65,7 +65,6 @@
 import org.springframework.web.filter.FormContentFilter;
 import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.i18n.CookieLocaleResolver;
-import org.springframework.web.servlet.i18n.SessionLocaleResolver;
 
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
@@ -80,7 +79,6 @@
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Locale;
 import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.Executor;
@@ -103,6 +101,8 @@ public class ContainerProxyApplication {
     private static final String SAME_SITE_COOKIE_DEFAULT_VALUE = "Lax";
     private static final String PROP_SERVER_SECURE_COOKIES = "server.secure-cookies";
     private static final Boolean SECURE_COOKIES_DEFAULT_VALUE = false;
+    private static final String PROP_FORCE_HTTPS_IN_REDIRECTS = "proxy.force-https-in-redirects";
+    private static final Boolean FORCE_HTTPS_IN_REDIRECTS_DEFAULT_VALUE = false;
     private static final Path TERMINATION_LOG_FILE = Path.of("/dev/termination-log");
     private static Boolean logAsJson = false;
     public static Boolean secureCookiesEnabled;
@@ -336,6 +336,15 @@ public UndertowServletWebServerFactory servletContainer() {
                 info.setSessionManagerFactory(sessionManagerFactory);
             }
             info.setResourceManager(EMPTY_RESOURCE_MANAGER);
+            if (environment.getProperty(PROP_FORCE_HTTPS_IN_REDIRECTS, Boolean.class, FORCE_HTTPS_IN_REDIRECTS_DEFAULT_VALUE)) {
+                log.debug("Enforcing redirects to always use https.");
+                info.addInitialHandlerChainWrapper(handler ->
+                    exchange -> {
+                        exchange.setRequestScheme("https");
+                        handler.handleRequest(exchange);
+                    }
+                );
+            }
         });
         try {
             factory.setAddress(InetAddress.getByName(environment.getProperty("proxy.bind-address", "0.0.0.0")));
