From: Mathieu Baudier Date: Fri, 12 May 2023 10:06:04 +0000 (+0200) Subject: Ability to force https for reverse proxies X-Git-Tag: v2.3.16~5 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=70ef84e6064700e55cc5cc02c2c8a41babfb7afc;p=lgpl%2Fargeo-commons.git Ability to force https for reverse proxies --- diff --git a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java index 072417a8a..758ef91d3 100644 --- a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java +++ b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java @@ -18,6 +18,19 @@ public class ServletUtils { * '/'), taking into account reverse proxies. */ public static StringBuilder getRequestUrlBase(HttpServletRequest req) { + return getRequestUrlBase(req, false); + } + + /** + * The base URL for this query (without any path component (not even an ending + * '/'), taking into account reverse proxies. + * + * @param forceReverseProxyHttps if a reverse proxy is detected and this is set + * to true, the https scheme will be used. This is + * to work around issued when the an https reverse + * proxy is talking to an http application. + */ + public static StringBuilder getRequestUrlBase(HttpServletRequest req, boolean forceReverseProxyHttps) { List viaHosts = new ArrayList<>(); for (Enumeration it = req.getHeaders(VIA.getHeaderName()); it.hasMoreElements();) { String[] arr = it.nextElement().split(" "); @@ -38,7 +51,11 @@ public class ServletUtils { boolean isReverseProxy = outerHost != null && !outerHost.equals(requestUrl.getHost()); if (isReverseProxy) { - String protocol = req.isSecure() ? "https" : "http"; + String protocol; + if (forceReverseProxyHttps) + protocol = "https"; + else + protocol = req.isSecure() ? "https" : "http"; return new StringBuilder(protocol + "://" + outerHost); } else { return new StringBuilder(requestUrl.getScheme() + "://" + requestUrl.getHost()