-
### Problem Description
Sometimes, you need to use custom HTTP headers to bypass the authorization. One example is JWT tokens that are transferred via "Cookie" header.
### Proposed Solution
You shou…
vidok updated
2 weeks ago
-
Hey, I am having a real hard time disabling HTTP headers injection
I have a .NET core 3.1 application which I run, and I am having issues where external sites block me due to additional headers:
X-Dat…
-
• Description: Missing HSTS and X-Content-Type-Options headers could expose the application to man-in-the-middle attacks and content injection. Additionally, an outdated JavaScript library (Bootstrap)…
-
DTSPO-19466
-
### Feature or change description
Besides #604, [this mdn security analysis](https://developer.mozilla.org/en-US/observatory/analyze) shows further improvements to apply
-
Add HTTP headers for request mirroring in Envoy
**Description:**
AFAIK, the only way to distinguish a mirroring request from a origin request is whether or not the `-shadow` suffix is present in t…
-
### Description
I have a feed which provides CDN image paths, we have these linked to an asset field to import but the origin server throws a 403 Forbidden error on requests for the image which are l…
-
**Describe the feature**
Several HTTP headers are required while accessing the voyz/ibeam instance. The error messages are vague for some of these requirements.
- All requests require a User-Agent h…
-
### What happens?
The http secrets feature does not seem to parse env vars from the environment using the syntax suggested here:
https://github.com/duckdb/duckdb/blob/b484c2d96fa8fd4ba34e0a6bec72b23…
-
Context `Ctx` object contains a bunch of `VCL_HTTP` values - most of which users do not need most of the time. Instead, we should create an individual `VCL_HTTP` on demand:
```rust
pub fn user_fu…