Force ODK to use https with reverse proxies

[gpl/argeo-suite.git] / org.argeo.app.servlet.odk / src / org / argeo / app / servlet / odk / OdkFormListServlet.java

diff --git a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
index 41a3039a3df72909bba6ee1dbd5ce1f7ae6b4395..546a129a23b4eb4e05aa72bb6c258224fa2ca0fc 100644 (file)
--- a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
+++ b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
@@ -40,17 +40,9 @@ public class OdkFormListServlet extends HttpServlet {
                resp.setHeader("X-OpenRosa-Version", "1.0");
                resp.setDateHeader("Date", System.currentTimeMillis());
 
-////           String serverName = req.getServerName();
-////           int serverPort = req.getServerPort();
-////           String protocol = serverPort == 443 || req.isSecure() ? "https" : "http";
-////           String baseServer = protocol + "://" + serverName
-////                           + (serverPort == 80 || serverPort == 443 ? "" : ":" + serverPort);
-//             String requestUri=req.getRequestURI();
-//             String forwardedHost = req.getHeader("X-Forwarded-Host");
-//             URL requestUrl = new URL(req.getRequestURL().toString());
-//             String baseServer = requestUrl.getProtocol() + "://" + requestUrl.getHost()
-//                             + (requestUrl.getPort() > 0 ? ":" + requestUrl.getPort() : "");
-               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req);
+               // we force HTTPS since ODK Collect will fail anyhow when sending http
+               // cf. https://forum.getodk.org/t/authentication-for-non-https-schems/32967/4
+               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req, true);
 
                String pathInfo = req.getPathInfo();