projects / gpl / argeo-suite.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Force ODK to use https with reverse proxies
[gpl/argeo-suite.git] / org.argeo.app.servlet.odk / src / org / argeo / app / servlet / odk / OdkManifestServlet.java
diff --git a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java
index 2c62ba10cfa647321a6eae52581db4e84a023561..36e8770bba6fa929feb8bceeaabbb3daf3dd5eee 100644 (file)
--- a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java
+++ b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java
@@ -54,12 +54,9 @@ public class OdkManifestServlet extends HttpServlet {
                if (pathInfo.startsWith("//"))
                        pathInfo = pathInfo.substring(1);
 
-//             String serverName = req.getServerName();
-//             int serverPort = req.getServerPort();
-//             String protocol = serverPort == 443 || req.isSecure() ? "https" : "http";
-//             String baseServer = protocol + "://" + serverName
-//                             + (serverPort == 80 || serverPort == 443 ? "" : ":" + serverPort);
-               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req);
+               // we force HTTPS since ODK Collect will fail anyhow when sending http
+               // cf. https://forum.getodk.org/t/authentication-for-non-https-schems/32967/4
+               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req, true);
 
                Session session = RemoteAuthUtils.doAs(() -> Jcr.login(repository, null), new ServletHttpRequest(req));
 
Argeo Suite - Productivity Applications