Force ODK to use https with reverse proxies
authorMathieu Baudier <mbaudier@argeo.org>
Fri, 12 May 2023 10:07:47 +0000 (12:07 +0200)
committerMathieu Baudier <mbaudier@argeo.org>
Fri, 12 May 2023 10:07:47 +0000 (12:07 +0200)
org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java

index 41a3039a3df72909bba6ee1dbd5ce1f7ae6b4395..546a129a23b4eb4e05aa72bb6c258224fa2ca0fc 100644 (file)
@@ -40,17 +40,9 @@ public class OdkFormListServlet extends HttpServlet {
                resp.setHeader("X-OpenRosa-Version", "1.0");
                resp.setDateHeader("Date", System.currentTimeMillis());
 
-////           String serverName = req.getServerName();
-////           int serverPort = req.getServerPort();
-////           String protocol = serverPort == 443 || req.isSecure() ? "https" : "http";
-////           String baseServer = protocol + "://" + serverName
-////                           + (serverPort == 80 || serverPort == 443 ? "" : ":" + serverPort);
-//             String requestUri=req.getRequestURI();
-//             String forwardedHost = req.getHeader("X-Forwarded-Host");
-//             URL requestUrl = new URL(req.getRequestURL().toString());
-//             String baseServer = requestUrl.getProtocol() + "://" + requestUrl.getHost()
-//                             + (requestUrl.getPort() > 0 ? ":" + requestUrl.getPort() : "");
-               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req);
+               // we force HTTPS since ODK Collect will fail anyhow when sending http
+               // cf. https://forum.getodk.org/t/authentication-for-non-https-schems/32967/4
+               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req, true);
 
                String pathInfo = req.getPathInfo();
 
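Review bot: The `true` passed to `ServletUtils.getRequestUrlBase(req, true)` pins only the scheme, so the host and port of the URLs built from `baseServer` still come from the request. The helper is not visible in this diff, so please confirm that it takes forwarded host information (or the `Host` header) only from the trusted reverse proxy; otherwise a client-supplied value would end up in the URLs handed back to ODK Collect. Forcing HTTPS unconditionally also means a deployment reached directly over plain http will now advertise https links it may not serve, so this might be better driven by a deployment setting than hard-coded. At the call site a named constant would make the flag readable and could carry the host caveat, e.g. `final boolean forceHttps = true; // scheme only; host/port still taken from the request`. The same call and comment are repeated in the `OdkManifestServlet` hunk, and in both files the enclosing method starts and ends outside the hunk.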
index 2c62ba10cfa647321a6eae52581db4e84a023561..36e8770bba6fa929feb8bceeaabbb3daf3dd5eee 100644 (file)
@@ -54,12 +54,9 @@ public class OdkManifestServlet extends HttpServlet {
                if (pathInfo.startsWith("//"))
                        pathInfo = pathInfo.substring(1);
 
-//             String serverName = req.getServerName();
-//             int serverPort = req.getServerPort();
-//             String protocol = serverPort == 443 || req.isSecure() ? "https" : "http";
-//             String baseServer = protocol + "://" + serverName
-//                             + (serverPort == 80 || serverPort == 443 ? "" : ":" + serverPort);
-               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req);
+               // we force HTTPS since ODK Collect will fail anyhow when sending http
+               // cf. https://forum.getodk.org/t/authentication-for-non-https-schems/32967/4
+               StringBuilder baseServer = ServletUtils.getRequestUrlBase(req, true);
 
                Session session = RemoteAuthUtils.doAs(() -> Jcr.login(repository, null), new ServletHttpRequest(req));