[Seaside-dev] Seaside 2.8 WAUrl>>takeParametersFromRequest:
X-Forwarded-Host
Randal L. Schwartz
merlyn at stonehenge.com
Tue Mar 25 01:50:55 UTC 2008
>>>>> "Michael" == Michael Lucas-Smith <mlucas-smith at cincom.com> writes:
Michael> It came to our attention that the #takeParametersFromRequest: method,
Michael> which rightly grabs the host, doesn't grab x-forwarded-host when it
Michael> is available. That means that the URLs put out by the anchor tag and
Michael> other such things will point to the internal address of the server
Michael> instead of the external address.
Beware of trusting x-forwarded-host unless you *know* the request
is coming from the right host though.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
More information about the seaside-dev
mailing list