The only code in the HttpServer project that gets/sets the HttpRequest.Secure parameter is the code used to create the request Uri:
_uri = new Uri(Secure ? "https://" : "http://" + value + _uriPath);
The problem being that the Uri now reports http for all requests, regardless of whether or not they were https or not.
Debugging shows that even HttpClientContext.IsSecure is set correctly (even after the context is reused for a future request). The problem is that the underlaying IHttpRequest (HttpRequest) instance on the HttpClientClient instance never has its
value updated. One limiting factor is that the parameter is defined as IHttpRequest instead of HttpRequest (Secure is only defined on HttpRequest), so the value cannot be set without a cast.
Before I go submit a patch to define _currentRequest as HttpRequest instead of IHttpRequest in HttpContextFactory, was there a reason it wasn't defined this way to being with?
After the definition has been changed to HttpRequest, setting the Secure value should be easy enough.