Refactor trusted hosts check

Created on 24 October 2018, about 6 years ago
Updated 28 June 2024, 6 months ago

The TrustedHosts check only seems to analyze a sites main settings.php, but should also check any included/required settings.php. Some service providers automatically populate the trusted_host_patterns in environment-specific settings files based on domain names entered into their admin UI.

OR better yet, leverage or re-use code from the Drupal core check (see below) that checks for the trusted_hosts_pattern in the active environment, rather than inside settings files. This was previous suggested by @acrosman: https://www.drupal.org/project/security_review/issues/2855840#comment-12... β†’

From https://cgit.drupalcode.org/drupal/tree/core/modules/system/system.insta...

  // See if trusted hostnames have been configured, and warn the user if they
  // are not set.
  if ($phase == 'runtime') {
    $trusted_host_patterns = Settings::get('trusted_host_patterns');
    if (empty($trusted_host_patterns)) {
πŸ› Bug report
Status

Fixed

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States timwood Rockville, Maryland

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024