apache: Minor improvement to getting the request host

- Django's request.get_host() use X_FORWARDED_HOST when appropriate and falls
back to HTTP_HOST. In case of FreedomBox due to 'ProxyPreserveHost On' in Apache
configuration, both the values are the same. So, it makes no difference.

- Also document the need for 'ProxyPreserveHost On' in another validation.

Tests:

- Log the value of request_host, request.META['HTTP_HOST'], and
request.META['X_FORWARDED_HOST'] in DiscoverIDPView:get(). All the values are
same when accessing with IP address value not starting with 127.0.0.1.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

plinth/modules/apache/views.py

@@ -39,7 +39,7 @@ class DiscoverIDPView(View):
             return HttpResponseBadRequest(f'Cannot handle "{method}" method')
 
         oidc_callback_parts = urlparse(oidc_callback)
-        request_host = request.META['HTTP_HOST']
+        request_host = request.get_host()
         if request_host != oidc_callback_parts.netloc:
             return HttpResponseBadRequest(
                 f'Cannot redirect from {request_host} to a different host '

plinth/modules/oidc/validators.py

@@ -81,6 +81,8 @@ def _validate_local_domains_and_ips(redirect_uri, request,
     Scheme is not checked. Changing IP address during OpenID Connect flow is
     not allowed.
     """
+    # Requires 'ProxyPreserveHost On' in Apache2 configuration for proxying
+    # requests to FreedomBox service.
     request_host = request.headers.get('HTTP_HOST')
 
     parsed_redirect_uri = urllib.parse.urlparse(redirect_uri)