Ability to force https for reverse proxies

author Mathieu Baudier <mbaudier@argeo.org>

Fri, 12 May 2023 10:06:04 +0000 (12:06 +0200)

committer Mathieu Baudier <mbaudier@argeo.org>

Fri, 12 May 2023 10:06:04 +0000 (12:06 +0200)
author Mathieu Baudier <mbaudier@argeo.org>
Fri, 12 May 2023 10:06:04 +0000 (12:06 +0200)
committer Mathieu Baudier <mbaudier@argeo.org>
Fri, 12 May 2023 10:06:04 +0000 (12:06 +0200)
diff --git a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java

index 072417a8a99f3962f349c8d54b0cd5c853422c62..758ef91d3ce0d0168b844d7a3b843fdb8e4e85ca 100644 (file)
--- a/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java
+++ b/org.argeo.cms.ee/src/org/argeo/cms/servlet/ServletUtils.java
@@ -18,6 +18,19 @@ public class ServletUtils {
          * '/'), taking into account reverse proxies.
          */
         public static StringBuilder getRequestUrlBase(HttpServletRequest req) {
+               return getRequestUrlBase(req, false);
+       }
+
+       /**
+        * The base URL for this query (without any path component (not even an ending
+        * '/'), taking into account reverse proxies.
+        * 
+        * @param forceReverseProxyHttps if a reverse proxy is detected and this is set
+        *                               to true, the https scheme will be used. This is
+        *                               to work around issued when the an https reverse
+        *                               proxy is talking to an http application.
+        */
+       public static StringBuilder getRequestUrlBase(HttpServletRequest req, boolean forceReverseProxyHttps) {
                 List<String> viaHosts = new ArrayList<>();
                 for (Enumeration<String> it = req.getHeaders(VIA.getHeaderName()); it.hasMoreElements();) {
                         String[] arr = it.nextElement().split(" ");
@@ -38,7 +51,11 @@ public class ServletUtils {
  
                 boolean isReverseProxy = outerHost != null && !outerHost.equals(requestUrl.getHost());
                 if (isReverseProxy) {
-                       String protocol = req.isSecure() ? "https" : "http";
+                       String protocol;
+                       if (forceReverseProxyHttps)
+                               protocol = "https";
+                       else
+                               protocol = req.isSecure() ? "https" : "http";
                         return new StringBuilder(protocol + "://" + outerHost);
                 } else {
                         return new StringBuilder(requestUrl.getScheme() + "://" + requestUrl.getHost()
author	Mathieu Baudier <mbaudier@argeo.org>
	Fri, 12 May 2023 10:06:04 +0000 (12:06 +0200)
committer	Mathieu Baudier <mbaudier@argeo.org>
	Fri, 12 May 2023 10:06:04 +0000 (12:06 +0200)