HTTP_HOST is not a reliable default prefix

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 4 months ago →
🇮🇹Italy apaderno Brescia, 🇮🇹
avpaderno → made their first commit to this issue’s fork.
Comment 4 months ago →
🇮🇹Italy apaderno Brescia, 🇮🇹
The value contained in $_SERVER['HTTP_HOST'] can be used for HTTP HOST Header attacks; that is why Drupal 8 introduced a trusted host setting → .

In the case of this module, one or more domains that point at the IP of an existing Drupal site which uses this module could end up filling APCu. This does not happen when the connection information is used for the APCu key because the prefix would be the same, independently from the domain used to connect to the site.
Merge request !20Issue #2898530: HTTP_HOST is not a reliable default prefix → (Merged) created by apaderno
Status changed to Needs review 4 months ago8:23am 22 July 2024
Comment 4 months ago →
🇮🇹Italy apaderno Brescia, 🇮🇹
Comment 4 months ago →
System Message

avpaderno → committed 3b05593f on 7.x-1.x
Issue #2898530: HTTP_HOST is not a reliable default prefix
Status changed to Fixed 4 months ago8:25am 22 July 2024
Comment 4 months ago →
🇮🇹Italy apaderno Brescia, 🇮🇹
Comment 4 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

Merge Requests