Consider X-Forwarded-Proto when setting the Request's originalRef property.

[jwinfield]

HTTPS enabled load balancers like Amazon's ELB that forward client requests to HTTP servers behind the load balancer set the X-Forwarded-Proto request header with a value of https. If the call is forwarded to a HTTP Restlet application from the load balancer, the originalRef Request property uses the protocol of the target request without checking if the X-Forwarded-Proto is set and using that protocol scheme instead.

This becomes a problem for resources that need to redirect when handling a request. Extra code needs to be written into the application code to look for the X-Forwarded-Proto header explicitly when building the redirect URL instead of using values from getRequest().getOriginalRef(). Also for static content resources served by a DirectoryService, they will have an incorrect protocol set for the Content-Location URL.

[jwinfield]

Forgot to mention I'm currently using v2.3.5.

[thboileau]

Hi @jwinfield , thanks a lot for this suggestion.
The fix has been added to the 2.3 branch and will be part of new 2.3.7 release.