Changes between Initial Version and Version 1 of Ticket #19867, comment 5


Timestamp: Feb 21, 2013, 2:32:02 AM (11 years ago)
Author: Aymeric Augustin

  • Ticket #19867, comment 5

    initial v1  
    1 On Apache, by default, `SERVER_NAME` in under the control of the client:
    2 
    3 See the docs for [http://httpd.apache.org/docs/2.4/en/mod/core.html#usecanonicalname UseCanonicalName]:
     1On Apache, by default, `SERVER_NAME` in under the control of the client. See the docs for [http://httpd.apache.org/docs/2.4/en/mod/core.html#usecanonicalname UseCanonicalName]:
    42>The CGI variables SERVER_NAME and SERVER_PORT will be constructed from the client supplied values as well.
    53
     
    75> If CGIs make assumptions about the values of SERVER_NAME they may be broken by this option. The client is essentially free to give whatever value they want as a hostname. But if the CGI is only using SERVER_NAME to construct self-referential URLs then it should be just fine.
    86
     7----
     8
    99Django isn't going to make assumptions that create security vulnerabilities by default.
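
Review bot: the merged first line in v1 still reads "`SERVER_NAME` in under the control of the client", carried over unchanged from the initial version; "in" should be "is". Since this edit already rewrites that line to join it with the UseCanonicalName link, the typo could be fixed in the same revision.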