Add option to allow redirects in form submission #1577

Open
jniles opened this issue Oct 31, 2017 · 0 comments


jniles commented Oct 31, 2017

Software and hardware versions

Collect v1.11.0, Android v5.1.1, Zuk Z1

Problem description

The ODK Collect app forbids unexpected redirects using this line, presumably to prevent man-in-the-middle attacks or other request hijacking. This makes it impossible to use a DNS redirect to allow us to upgrade our servers without changing out the settings in each individual Collect app. We host our Aggregate server on AppEngine, which does a hard redirect to the installation URL. The synergy of these two behaviors prevents using DNS to proxy requests to different servers.

Note that downloading forms from a proxied server is supported. However, form submission breaks.

Specifically, suppose you have two Aggregate servers, a.appspot.com and b.appspot.com. You are in the process of shifting all your clients (say, 1000 Collect apps) to using b.appspot.com, but you do not have access to the clients because they are in far-flung regions of Africa. You can use a DNS proxy, say odk.example.com, that you transparently proxy to a.appspot.com. Once you migrate all form definitions to b.appspot.com, you will then simply flip the DNS record to point to b.appspot.com. This prevents a costly recall from the field to reconfigure your Collect clients.

Steps to reproduce the problem

Set up a Google App Engine instance of Aggregate as described above. Use a DNS A record to point odk.customdomain.com to your Aggregate server. Pull a sample form, fill it out, and attempt to submit. You will get an Unauthorized redirect attempt error and the submission will not succeed.

Expected behavior

You should be able to submit to a server behind a proxy.

Other information

Ultimately, this could be viewed as a problem with either Aggregate or with Collect. Having the option to allow unauthorized redirects on Collect seems like the easiest solution to the problem, which is why I am proposing it here.
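
One way the requested option could be scoped, as an added example that is not from the issue or from ODK Collect's code: rather than allowing every redirect, the client follows a redirect on submission only to HTTPS URLs on the configured host or on hosts the user has explicitly listed. The class name, the trusted-host setting and the sample URLs are assumptions.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

/** Hypothetical redirect policy for a form-submission client (not ODK Collect's code). */
public class SubmissionRedirectPolicy {
    private final Set<String> trustedHosts; // lower-case hosts the user opted in to (assumed setting)

    public SubmissionRedirectPolicy(Set<String> trustedHosts) {
        this.trustedHosts = trustedHosts;
    }

    /** Returns true if a submission sent to 'configured' may follow a redirect to 'location'. */
    public boolean allows(URI configured, String location) {
        URI target;
        try {
            // Resolve relative Location values against the configured URL.
            target = configured.resolve(location).normalize();
        } catch (IllegalArgumentException e) {
            return false; // malformed Location header
        }
        String host = target.getHost();
        if (host == null || target.getUserInfo() != null) {
            return false; // no host, or credentials embedded in the URL
        }
        // Never resend submission data over plain HTTP.
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            return false;
        }
        // Same host is always acceptable; other hosts only if explicitly listed.
        return host.equalsIgnoreCase(configured.getHost())
                || trustedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        // Constructed sample: the proxy name and both backends from the scenario above.
        URI configured = URI.create("https://odk.example.com/submission");
        SubmissionRedirectPolicy policy =
                new SubmissionRedirectPolicy(Set.of("a.appspot.com", "b.appspot.com"));
        String[] locations = {
            "https://b.appspot.com/submission",    // opted-in backend
            "/Aggregate/submission",               // relative, same host
            "http://b.appspot.com/submission",     // downgrade to HTTP
            "https://b.appspot.com.other.example/" // look-alike host, not listed
        };
        for (String loc : locations) {
            System.out.println(policy.allows(configured, loc) + "  " + loc);
        }
    }
}
```

Matching on the exact host name, not a suffix or prefix, is what keeps a look-alike domain from passing as a listed backend.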
