Issue
We are using Auth0 integration to provide authentication for our spring boot application. An application is deployed with docker in google cloud run.
But when I try to exchange tokens I receive an error from auth0 "Expected https://.. but go http://."
The reason why it is happening is that httpServletReuqest.getRequestURI()
returns http instead of https.
The question is why getRequestURI returns http when our website deployed as https in cloud Run? I also logged nginx headers and X-Forwarded-Proto = https.
Solution
Posting as Community Wiki since it is Based on the comments of @EmilGi and @GuillaumeBlaquiere.
As you can see in this documentation:
Cloud Run redirects all HTTP requests to HTTPS but terminates TLS before they reach your web service. If your service generates a web resources that refers to other web resources with unsecured URLs (http://), your page may be subject to mixed content warnings or errors.
And you cannot turn off this restriction since Cloud Run is deployed behind the GFE (Google Front End) in charge of the TLS communication.
Answered By - Rafael Lemos
Answer Checked By - Willingham (JavaFixing Volunteer)