From 2e895e3a6f06f18642851b72d90fd72391e4a81a Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Fri, 12 May 2023 12:07:47 +0200
Subject: [PATCH] Force ODK to use https with reverse proxies
---
 .../argeo/app/servlet/odk/OdkFormListServlet.java | 14 +++-----------
 .../argeo/app/servlet/odk/OdkManifestServlet.java | 9 +++------
 2 files changed, 6 insertions(+), 17 deletions(-)
diff --git a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
index 41a3039..546a129 100644
--- a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
+++ b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkFormListServlet.java
@@ -40,17 +40,9 @@ public class OdkFormListServlet extends HttpServlet {
 resp.setHeader("X-OpenRosa-Version", "1.0");
 resp.setDateHeader("Date", System.currentTimeMillis());
-//// String serverName = req.getServerName();
-//// int serverPort = req.getServerPort();
-//// String protocol = serverPort == 443 || req.isSecure() ? "https" : "http";
-//// String baseServer = protocol + "://" + serverName
-//// + (serverPort == 80 || serverPort == 443 ? "" : ":" + serverPort);
-// String requestUri=req.getRequestURI();
-// String forwardedHost = req.getHeader("X-Forwarded-Host");
-// URL requestUrl = new URL(req.getRequestURL().toString());
-// String baseServer = requestUrl.getProtocol() + "://" + requestUrl.getHost()
-// + (requestUrl.getPort() > 0 ? ":" + requestUrl.getPort() : "");
- StringBuilder baseServer = ServletUtils.getRequestUrlBase(req);
+ // we force HTTPS since ODK Collect will fail anyhow when sending http
+ // cf. https://forum.getodk.org/t/authentication-for-non-https-schems/32967/4
+ StringBuilder baseServer = ServletUtils.getRequestUrlBase(req, true);
 String pathInfo = req.getPathInfo();
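Review bot: Only the scheme of `baseServer` is pinned by the new `getRequestUrlBase(req, true)` call; host and port still come from `req` through a helper whose body is not part of this patch. If that helper reads `Host` or `X-Forwarded-Host` (the removed commented-out lines experimented with the latter), any URL later built from `baseServer` is only as trustworthy as those headers, so the reverse proxy has to overwrite them or the host should be checked against a configured allow-list. I would record that assumption at the call site, e.g. `// host/port are taken from the request: the reverse proxy must set X-Forwarded-Host itself`. The same applies to the identical call in OdkManifestServlet, and the enclosing method starts and ends outside the hunk.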
diff --git a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java
index 2c62ba1..36e8770 100644
--- a/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java
+++ b/org.argeo.app.servlet.odk/src/org/argeo/app/servlet/odk/OdkManifestServlet.java
@@ -54,12 +54,9 @@ public class OdkManifestServlet extends HttpServlet {
 if (pathInfo.startsWith("//")) pathInfo = pathInfo.substring(1);
-// String serverName = req.getServerName();
-// int serverPort = req.getServerPort();
-// String protocol = serverPort == 443 || req.isSecure() ? "https" : "http";
-// String baseServer = protocol + "://" + serverName
-// + (serverPort == 80 || serverPort == 443 ? "" : ":" + serverPort);
- StringBuilder baseServer = ServletUtils.getRequestUrlBase(req);
+ // we force HTTPS since ODK Collect will fail anyhow when sending http
+ // cf. https://forum.getodk.org/t/authentication-for-non-https-schems/32967/4
+ StringBuilder baseServer = ServletUtils.getRequestUrlBase(req, true);
 Session session = RemoteAuthUtils.doAs(() -> Jcr.login(repository, null), new ServletHttpRequest(req));
-- 
2.30.2
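Review bot: The bare `true` in `getRequestUrlBase(req, true)` is readable only because of the two-line comment above it, and that comment and call are duplicated word for word in OdkFormListServlet. A named constant shared by the ODK servlets would keep the rationale in one place, e.g. `static final boolean FORCE_HTTPS = true; // ODK Collect fails over plain http` with the call written as `ServletUtils.getRequestUrlBase(req, FORCE_HTTPS)`. The comment could also say what a deployment without a TLS-terminating proxy should expect, since the generated base URL is now https regardless of how the request arrived. The enclosing method starts and ends outside the hunk.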