In servers() when there is no HOST defined, it calculates the host with request.host for the host part, and then it calls to _get_scheme() which, if there is app.auth then returns https, returning http otherwise.
The problem is that not always the presence of auth means that the scheme is https. For example, I'm testing an API in localhost, I'm using auth, but it goes through http, because I'm on localhost. So it tries to do an HTTPS to an HTTP server, which freezes the connection for 30 seconds.
It would be better if servers() used request.scheme, which will always be correct.
In servers() when there is no HOST defined, it calculates the host with request.host for the host part, and then it calls to _get_scheme() which, if there is app.auth then returns https, returning http otherwise.
The problem is that not always the presence of auth means that the scheme is https. For example, I'm testing an API in localhost, I'm using auth, but it goes through http, because I'm on localhost. So it tries to do an HTTPS to an HTTP server, which freezes the connection for 30 seconds.
It would be better if servers() used request.scheme, which will always be correct.