Formhub own's URL protocol is hardcoded to http, causing issues with Enketo and insecure transport when secure is expected.

SEL-Columbia / formhub

Mobile Data Collection made easy.

http://formhub.org

BSD 2-Clause "Simplified" License

259 stars 163 forks source link

Formhub own's URL protocol is hardcoded to http, causing issues with Enketo and insecure transport when secure is expected. #1331

Closed MartijnR closed 10 years ago

MartijnR commented 10 years ago

I ran across this question a few times. If formhub is hosted on https only, the server_url parameter sent to enketo's API should be:

https://myformub.com/account (https)

By default, it seems formhub continues to send the http server_url when hosted on https:

http://myformhub.com/account (http)

The 2 issues this causes are:

If the formhub service is not available on http, Enketo cannot retrieve the XForm (nor submit records)
Transport between the Enketo server and the Formhub server is unencrypted

Could somebody point me to the setting where this can be changed please?

MartijnR commented 10 years ago

This appears to be where Enketo API calls are made. If I understand this correctly, the form_url (i.e. the account url) parameter is hardcoded to http below:

MartijnR commented 10 years ago

Can we do something like this (psuedo code) perhaps?

if request.is_secure() 
       protocol = 'https' 
else 
       protocol = 'http'

and then build the formhub_url from that?

ukanga commented 10 years ago

I think that is ideal, it could be done this way.

MartijnR commented 10 years ago

thanks @ukanga

On Sun, Jun 15, 2014 at 3:17 AM, ukanga notifications@github.com wrote:

I think that is ideal, it could be done this way.

— Reply to this email directly or view it on GitHub https://github.com/SEL-Columbia/formhub/issues/1331#issuecomment-46110898 .

Did you know that Enketo Smart Paper has now become the #1 tool for data collection? Don't fall behind. Use it!

Enketo https://enketo.org | LinkedIn http://www.linkedin.com/company/enketo-llc | GitHub https://github.com/MartijnR | Twitter https://twitter.com/enketo

dpapathanasiou commented 10 years ago

I addressed this differently in this commit https://github.com/SEL-Columbia/formhub/commit/f75360ba72e1f810214fb76056b70979bca49f2b (the slim_dedicated_server is going to be merged into master soon).

MartijnR commented 10 years ago

Whooohoooo! Yes!!! :+1:

dpapathanasiou commented 10 years ago

Ha, thanks.

One p.o.s. code block cleared, 76,786,778,965,786,672,346,786 to go...