As a user I want IG to rebase its originalUri in order to perform better in cloud environments where IG is behind other proxies.
- New ForwardedRequestFilter (feel free to find a better name)
- offer a generic way to update scheme, host and port of the originalUri.
- Add new UriContext in the chain with refined originalUri value.
- Replace the Request with the updated OriginalUri.
- Verify the filter work with GCP and AWS + provide as-of-today values to add in documentation
When SSL is offloaded before IG, the redirect is HTTP and not HTTPS
There are occasions where load balancers in front of IG offload SSL before reaching IG. In cases where OAuth2 is being used (OAuth2ClientFilter), IG sees the request in HTTP and so it sets the redirect_uri as the HTTP version. This will error as the redirect_uri will be configured for the HTTPS address.
To workaround this, you can write scripts to use X-Forwarded-For headers passed on by the load balancer but it would nice if there was a config switch or similar to pick this up.