We need to support verifying the HTTP Host header in order to prevent DNS rebinding. However, doing this properly will probably require user configuration. #6
I believe we can always accept localhost and 127.0.0.1. Then can we just use reverse DNS? More research required.
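A sketch of the Host check discussed in this issue, as an added example that is not code from this project: it always accepts `localhost` and `127.0.0.1` and takes any further names from user configuration. The names `host_allowed`, `split_host_header` and `extra_hosts` are hypothetical, and it uses an explicit allowlist instead of reverse DNS.

```python
import ipaddress

# Names the issue proposes to always accept; anything else must come from
# user configuration (the hypothetical `extra_hosts` parameter below).
DEFAULT_ALLOWED = {"localhost", "127.0.0.1"}

def split_host_header(value):
    """Return (host, port) from one Host header value, or None if malformed."""
    value = value.strip()
    if not value or any(c in value for c in " \t/@,"):
        return None
    if value.startswith("["):                  # IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if port and not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
        return None
    return host, port

def normalize(host):
    """Lower-case, drop one trailing dot, and canonicalize IP literals."""
    host = host.lower().removesuffix(".")
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return host

def host_allowed(header_values, extra_hosts=()):
    """header_values: every Host header value present on the request."""
    if len(header_values) != 1:                # missing or duplicated Host header
        return False
    parsed = split_host_header(header_values[0])
    if parsed is None:
        return False
    allowed = {normalize(h) for h in DEFAULT_ALLOWED | set(extra_hosts)}
    # Exact match only: a rebound name still arrives in Host unchanged, so
    # anything outside the allowlist is rejected whatever address it resolves to.
    return normalize(parsed[0]) in allowed
```

A server would call `host_allowed` before routing and answer a failed check with an error status rather than serving the request.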