From f0b1aa34ac2d575fa7006338d38eda0dceadf3ce Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Fri, 21 Nov 2025 21:40:45 -0800
Subject: [PATCH] apache: Preserve host header when proxying to service

- This allows us to perform some checks before redirecting for OpenID Connect.

Tests:

- Functional tests of many apps pass with the patch.

- OIDC related changes introduced later work due to this change.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 data/etc/apache2/conf-available/freedombox.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf
index 14d2b85fb..645d11173 100644
--- a/data/etc/apache2/conf-available/freedombox.conf
+++ b/data/etc/apache2/conf-available/freedombox.conf
@@ -57,6 +57,7 @@
 ##
 <Location /freedombox>
     ProxyPass        http://127.0.0.1:8000/freedombox
+    ProxyPreserveHost On
     ## Send the scheme from user's request to enable Plinth to redirect
     ## URLs, set cookies, set absolute URLs (if any) properly.
     RequestHeader    set X-Forwarded-Proto 'https' env=HTTPS
@@ -71,6 +72,7 @@
 </Location>
 <Location /plinth>
     ProxyPass        http://127.0.0.1:8000/freedombox
+    ProxyPreserveHost On
     RequestHeader    set X-Forwarded-Proto 'https' env=HTTPS
     RequestHeader    unset X-Forwarded-For
 </Location>