From 8ebf06dd71e73f109ab8ead3fb26a85efb1ca64a Mon Sep 17 00:00:00 2001
From: Travis Groth
Date: Tue, 14 Jul 2020 23:11:22 -0400
Subject: [PATCH] Force redirect scheme to https (#1075)
---
 authorize/check_response.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/authorize/check_response.go b/authorize/check_response.go
index cf8109455..042a37370 100644
--- a/authorize/check_response.go
+++ b/authorize/check_response.go
@@ -132,7 +132,12 @@ func (a *Authorize) redirectResponse(in *envoy_service_auth_v2.CheckRequest) *en
 signinURL := opts.GetAuthenticateURL().ResolveReference(&url.URL{Path: "/.pomerium/sign_in"})
 q := signinURL.Query()
- q.Set(urlutil.QueryRedirectURI, getCheckRequestURL(in).String())
+
+ // always assume https scheme
+ url := getCheckRequestURL(in)
+ url.Scheme = "https"
+
+ q.Set(urlutil.QueryRedirectURI, url.String())
 signinURL.RawQuery = q.Encode()
 redirectTo := urlutil.NewSignedURL(opts.SharedKey, signinURL).String()
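Review bot: The new local `url` in redirectResponse shadows the imported `url` package that the hunk's first context line still uses (`&url.URL{Path: ...}`), so any `url.` package reference added later in this function would resolve to the variable instead; rename it, e.g. `redirectURL := getCheckRequestURL(in)`, `redirectURL.Scheme = "https"`, `q.Set(urlutil.QueryRedirectURI, redirectURL.String())`. The comment `// always assume https scheme` records what is done but not why; if the intent is what the commit title suggests, something like `// never return the user to a plaintext URL after sign-in, whatever scheme the check request reported` would tell the next maintainer that this override is deliberate and should not be made conditional. The diffstat lists only this file, so a test that passes a check request carrying an http scheme and asserts an https redirect URI would pin the behaviour. The body of redirectResponse starts and ends outside the hunk, so how the host of that URL is derived cannot be judged from here.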