From 70ef84e6064700e55cc5cc02c2c8a41babfb7afc Mon Sep 17 00:00:00 2001 From: Mathieu Baudier Date: Fri, 12 May 2023 12:06:04 +0200 Subject: [PATCH] Ability to force https for reverse proxies --- .../org/argeo/cms/servlet/ServletUtils.java | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java index 072417a8a..758ef91d3 100644 --- a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java +++ b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java @@ -18,6 +18,19 @@ public class ServletUtils { * '/'), taking into account reverse proxies. */ public static StringBuilder getRequestUrlBase(HttpServletRequest req) { + return getRequestUrlBase(req, false); + } + + /** + * The base URL for this query (without any path component (not even an ending + * '/'), taking into account reverse proxies. + * + * @param forceReverseProxyHttps if a reverse proxy is detected and this is set + * to true, the https scheme will be used. This is + * to work around issued when the an https reverse + * proxy is talking to an http application. + */ + public static StringBuilder getRequestUrlBase(HttpServletRequest req, boolean forceReverseProxyHttps) { List viaHosts = new ArrayList<>(); for (Enumeration it = req.getHeaders(VIA.getHeaderName()); it.hasMoreElements();) { String[] arr = it.nextElement().split(" "); @@ -38,7 +51,11 @@ public class ServletUtils { boolean isReverseProxy = outerHost != null && !outerHost.equals(requestUrl.getHost()); if (isReverseProxy) { - String protocol = req.isSecure() ? "https" : "http"; + String protocol; + if (forceReverseProxyHttps) + protocol = "https"; + else + protocol = req.isSecure() ? "https" : "http"; return new StringBuilder(protocol + "://" + outerHost); } else { return new StringBuilder(requestUrl.getScheme() + "://" + requestUrl.getHost() -- 2.30.2