mikes-gh
commented
7 years ago Than ks for this. This is a good move. I always have to set it to false as it doesn't work with NGINX or ARR.
Closed Tratcher closed 7 years ago
mikes-gh
commented
7 years ago Than ks for this. This is a good move. I always have to set it to false as it doesn't work with NGINX or ARR.
190 RequireHeaderSymmetry is a paranoid level of security for forwarded headers that is broken in too many real world scenarios (including Azure). Changing the default to false.
When I changed the default I noticed some inconsistent handling of invalid IPs and cleaned that up a little.
Will follow up by removing the azure hack: https://github.com/aspnet/IISIntegration/blob/ce3c71b5b3499e83853d9ef1ad59e1e13e65c685/src/Microsoft.AspNetCore.Server.IISIntegration/WebHostBuilderIISExtensions.cs#L61-L66