@Rajesh-Sangepu

This PR addresses a Semgrep SAST finding where the launchpad GraphQL WebSocket connection was hardcoded to use ws://. This bypassed the existing protocol logic that correctly upgrades connections to wss:// when the application is served over HTTPS.

Details

Affected File: packages/frontend-shared/src/graphql/urqlClient.ts

Issue: Insecure WebSocket (detect-insecure-websocket)

Location: ~Line 239

Fix

The hardcoded ws:// URL has been replaced with the dynamically derived protocol already used elsewhere in the file. This ensures the WebSocket connection uses wss:// for HTTPS deployments while retaining ws:// for HTTP/local development.

  • ? ws://${window.location.host}/__launchpad/graphql-ws
  • ? ${protocol}//${window.location.host}/__launchpad/graphql-ws
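
Review bot: In the replacement line, `${protocol}//` only produces a valid URL if `protocol` already carries its trailing colon (`wss:` or `ws:`), and the two lines shown do not include where `protocol` is defined or whether it is in scope at this point in the file. Please widen the diff context to show that definition, and add a test asserting that the launchpad URL begins with wss:// when the page is served over HTTPS.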

Outcome

Secure WebSocket (wss://) is used automatically over HTTPS

Behavior is consistent across launchpad and non-launchpad targets

Resolves the reported SAST finding with a minimal, targeted change
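
The protocol derivation described in the Fix section, as an added example that is not code from this PR or from the Cypress code base. The helper names `wsProtocolFor`, `launchpadWsUrl` and `isDowngrade` and the sample hosts are hypothetical, and it assumes `protocol` is derived from `window.location.protocol`; only the `/__launchpad/graphql-ws` path comes from the PR.

```javascript
// Added example: hypothetical helpers, not the project's implementation.
// location.protocol includes the trailing colon ("https:"), which is why
// the template in the fix can be written as `${protocol}//host/...`.
const WS_SCHEME = new Map([['https:', 'wss:'], ['http:', 'ws:']])

// Map the page scheme to the matching WebSocket scheme; fail closed on
// anything else (file:, about:, ...) instead of silently using ws:.
function wsProtocolFor (pageProtocol) {
  const scheme = WS_SCHEME.get(pageProtocol)
  if (!scheme) throw new Error(`unsupported page protocol: ${pageProtocol}`)
  return scheme
}

// loc is a Location-like object: { protocol, host }.
function launchpadWsUrl (loc) {
  return `${wsProtocolFor(loc.protocol)}//${loc.host}/__launchpad/graphql-ws`
}

// Regression guard: true when an HTTPS page would open a cleartext socket.
function isDowngrade (pageProtocol, socketUrl) {
  return pageProtocol === 'https:' && new URL(socketUrl).protocol !== 'wss:'
}

// Constructed sample inputs (not real deployments).
const samples = [
  { protocol: 'https:', host: 'app.example.test' },
  { protocol: 'http:', host: 'localhost:8080' },
]

for (const loc of samples) {
  const url = launchpadWsUrl(loc)
  console.log(loc.protocol, '->', url, 'downgrade:', isDowngrade(loc.protocol, url))
}

// The hardcoded form from before the fix, evaluated for the HTTPS sample.
const hardcoded = `ws://${samples[0].host}/__launchpad/graphql-ws`
console.log('hardcoded on https, downgrade:', isDowngrade('https:', hardcoded))
```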

root and others added 2 commits January 22, 2026 08:05
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
0 out of 2 committers have signed the CLA.

❌ root
❌ Rajesh-Sangepu


root seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@cypress-app-bot
Collaborator
