You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The specification for the X-Forwarded headers specifies that multiple comma separated values can be used when behind a series of proxies. The current server code does not account for this, and instead incorrectly assumes only a single value is present. This means that when it goes to build the full url it can produce something like http, http://myhost, myhost:8080
If possible this code should account for the multiple values.
In reality, when testing I found that pulling any information at all from the incoming request is prone to error and danger. It would be better to have the WS hostname defined as a server setting rather than pulling it from the host of the incoming request.
The text was updated successfully, but these errors were encountered:
The specification for the X-Forwarded headers specifies that multiple comma separated values can be used when behind a series of proxies. The current server code does not account for this, and instead incorrectly assumes only a single value is present. This means that when it goes to build the full url it can produce something like
http, http://myhost, myhost:8080
If possible this code should account for the multiple values.
In reality, when testing I found that pulling any information at all from the incoming request is prone to error and danger. It would be better to have the WS hostname defined as a server setting rather than pulling it from the host of the incoming request.
The text was updated successfully, but these errors were encountered: