We currently set a scheme-less URL, since it's unlikely isSecure is accurate with SSL terminated at a load-balancer in any real-world scenario. We currently use the remoteHost as-is, which will just be the LBs IPs in those cases. There are standardized headers we could look for to make this work in this case.
We currently set a scheme-less URL, since it's unlikely
isSecureis accurate with SSL terminated at a load-balancer in any real-world scenario. We currently use theremoteHostas-is, which will just be the LBs IPs in those cases. There are standardized headers we could look for to make this work in this case.