We need to support verifying the HTTP Host header in order to prevent DNS rebinding. However, doing this properly will probably require user configuration. #6
I believe we can always accept localhost and 127.0.0.1. Then can we just use reverse DNS? More research required.
We need to support verifying the HTTP
Hostheader in order to prevent DNS rebinding. However, doing this properly will probably require user configuration. #6I believe we can always accept
localhostand127.0.0.1. Then can we just use reverse DNS? More research required.