From eabde6713ab3d853c14a805ce36176c21311d0f6 Mon Sep 17 00:00:00 2001
From: Carl Sixsmith <carl.sixsmith1@justice.gov.uk>
Date: Thu, 15 Aug 2024 12:37:45 +0100
Subject: [PATCH] force https

---
 src/Server.UI/DependencyInjection.cs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Server.UI/DependencyInjection.cs b/src/Server.UI/DependencyInjection.cs
index 8eb38cad..4f38aec8 100644
--- a/src/Server.UI/DependencyInjection.cs
+++ b/src/Server.UI/DependencyInjection.cs
@@ -147,6 +147,13 @@ public static WebApplication ConfigureServer(this WebApplication app, IConfigura
         app.UseAuthentication();
         app.UseAuthorization();
 
+
+        app.Use((context, next) =>
+        {
+            context.Request.Scheme = "https";
+            return next();
+        });
+
         app.Use(async (context, next) =>
         {
             context.Response.Headers.Append("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; object-src 'self' data:; frame-src 'self' data:;");