RequestURL returns incorrect URL behind reverse proxy with stripped path prefixes #4548

@markusnissl

Preflight checklist

Ory Network Project

No response

Describe the bug

The RequestURL function currently reconstructs the request URL using the request URL, X-Forwarded-Host, and X-Forwarded-Proto.

When ORY is deployed behind a reverse proxy (e.g., Traefik) with path prefix stripping (StripPrefix), the reconstructed request URL sent to the frontend is incorrect. As it is used for displaying, e.g., the "back button" when entering an identifier, the URLs of that back button are broken.

I would have expected that Ory is taking the X-Forwarded-Prefix into account when constructing the RequestURL.

Reproducing the bug

  1. Start kratos with an identity schema like the one attached and a config similar to the one attached:

     kratos.yml
     identity_v0.schema.json

  2. Get a reverse proxy in front of it that strips or redirects the URL, e.g. Traefik:

     ```
     traefik.http.middlewares.kratos-stripprefix.stripPrefix.prefixes: /.ory/kratos
     traefik.http.routers.kratos.middlewares: kratos-stripprefix@docker
     ```

     [kratos.json](https://github.com/user-attachments/files/25934868/kratos.json)

  3. Call the browser login flow via the proxy and observe the returned RequestURL.

If you need a fully working docker compose example, let me know, and I will try to attach it.

Relevant log output

Relevant configuration

Version

v25.4.0

On which operating system are you observing this issue?

None

In which environment are you deploying?

Docker Compose

Additional Context

No response
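
The mismatch reported above, as an added Go example that is not part of the original issue and not Kratos's own code: a hypothetical `externalURL` helper rebuilds the browser-facing URL with and without `X-Forwarded-Prefix`. It assumes the proxy sets that header when it strips the prefix and that forwarded headers are only accepted from the trusted proxy; the host `auth.example.test`, the sample request and the helper names are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"path"
	"strings"
)

// externalURL is a hypothetical helper, not Kratos's RequestURL. It rebuilds the
// browser-facing URL from the X-Forwarded-* headers a trusted proxy sets.
func externalURL(r *http.Request, usePrefix bool) *url.URL {
	u := *r.URL // copy; keeps path and query as the backend saw them
	u.Scheme, u.Host = "http", r.Host
	if p := r.Header.Get("X-Forwarded-Proto"); p == "http" || p == "https" {
		u.Scheme = p
	}
	if h := r.Header.Get("X-Forwarded-Host"); h != "" {
		u.Host = h
	}
	if usePrefix { // re-attach the prefix the proxy stripped
		u.Path = cleanPrefix(r.Header.Get("X-Forwarded-Prefix")) + u.Path
	}
	return &u
}

// cleanPrefix returns p only if it is a plain, normalised absolute path, else "".
func cleanPrefix(p string) string {
	t := strings.TrimSuffix(p, "/")
	if !strings.HasPrefix(p, "/") || strings.ContainsAny(p, "\\?#") || path.Clean(p) != t {
		return ""
	}
	return t
}

// demoRequest builds a constructed request as the backend sees it after StripPrefix.
func demoRequest(prefix string) *http.Request {
	r := httptest.NewRequest("GET", "/self-service/login/browser?refresh=true", nil)
	r.Header.Set("X-Forwarded-Proto", "https")
	r.Header.Set("X-Forwarded-Host", "auth.example.test")
	r.Header.Set("X-Forwarded-Prefix", prefix)
	return r
}

func main() {
	r := demoRequest("/.ory/kratos")
	fmt.Println(externalURL(r, false), "->", externalURL(r, true))
}
```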
