add to acceptRequest

internal/hydra/consent.go

@@ -47,6 +47,6 @@ func (crd *ConsentReqDoer) AcceptConsentRequest(challenge string, remember bool,
 			IDToken: idToken,
 		},
 	}
-	redirectURI, err := acceptRequest(consent, crd.hydraURL, challenge, data)
+	redirectURI, err := acceptRequest(consent, crd.hydraURL, crd.fakeTlsTermination, challenge, data)
 	return redirectURI, errors.Wrap(err, "failed to accept consent request")
 }

internal/hydra/hydra.go

@@ -85,7 +85,7 @@ func initiateRequest(typ reqType, hydraURL string, fakeTlsTermination bool, chal
 	return &ri, nil
 }
 
-func acceptRequest(typ reqType, hydraURL, challenge string, data interface{}) (string, error) {
+func acceptRequest(typ reqType, hydraURL string, fakeTlsTermination bool, challenge string, data interface{}) (string, error) {
 	if challenge == "" {
 		return "", ErrChallengeMissed
 	}
@@ -110,6 +110,10 @@ func acceptRequest(typ reqType, hydraURL, challenge string, data interface{}) (s
 	if err != nil {
 		return "", err
 	}
+	if fakeTlsTermination {
+		r.Header.Add("X-Forwarded-Proto", "https")
+	}
+
 	r.Header.Set("Content-Type", "application/json")
 	resp, err := http.DefaultClient.Do(r)
 	if err != nil {

internal/hydra/logout.go

@@ -30,6 +30,6 @@ func (lrd *LogoutReqDoer) InitiateRequest(challenge string) (*ReqInfo, error) {
 
 // AcceptLogoutRequest accepts the requested logout process, and returns redirect URI.
 func (lrd *LogoutReqDoer) AcceptLogoutRequest(challenge string) (string, error) {
-	redirectURI, err := acceptRequest(logout, lrd.hydraURL, challenge, nil)
+	redirectURI, err := acceptRequest(logout, lrd.hydraURL, lrd.fakeTlsTermination, challenge, nil)
 	return redirectURI, errors.Wrap(err, "failed to accept logout request")
 }