Redirect is broken when HTTP_X_FORWARDED_HOST contains multiple hosts
|Reported by:||Artur||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||yes|
HttpRequest.getHost uses HTTP_X_FORWARDED_HOST as a primary method of acquiring the host name of the server but does not take into account that it can be a list of multiple hosts separated by comma. Only the first host should be used if the header contains several.
Attached a patch for separating at the first comma if multiple hosts are listed.
Change History (12)
comment:1 Changed 7 years ago by tommycli@…
- Needs documentation unset
- Needs tests unset
- Patch needs improvement set
comment:2 Changed 7 years ago by kratorius
- Component changed from Uncategorized to HTTP handling
- Has patch set