Closed chrisrowe closed 5 years ago
I also remembered after digging through Yii's Request.php that both serverName and hostInfo are susceptible to Host spoofing by passing a header. Is this something primaryDomain is designed for, to prevent cache poisoning attacks?
@chrisrowe Thank you!
I've been lagging behind on Patrol maintenance, your help is much appreciated.
Primary domain is used in routing but for a slightly different purpose than SSL alone. It lets you redirect to a specific domain if your site/app can be accessed via different domains.
@selvinortiz Thanks, any idea when you'll be cutting a new release for this?
@chrisrowe Sorry about the delay, Chris. I'll do my best to cut a new release before the weekend.
This ensures Patrol starts with a baseUrl containing the schema (and includes a port if used) before trimming/replacing http: and avoids it throwing a FILTER_VALIDATE_URL exception. I also added the available override setting to the readme.
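An added example, not code from this pull request or from Patrol: one way to build the HTTPS redirect base URL so that a spoofed Host header cannot steer it, while keeping the scheme and port so the result passes FILTER_VALIDATE_URL. The names PRIMARY_HOST, ALLOWED_HOSTS and secureBaseUrl() are hypothetical, and the allowlist approach is an assumption rather than how primaryDomain is implemented.

```php
<?php
declare(strict_types=1);

// Hypothetical configuration (not Patrol's settings): hosts this site answers to.
const PRIMARY_HOST  = 'www.example.com';
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

/**
 * Build the https base URL for a redirect without trusting the Host header.
 * $hostHeader is the raw, client-controlled value (e.g. $_SERVER['HTTP_HOST']).
 */
function secureBaseUrl(string $hostHeader): string
{
    // Prefix a scheme so parse_url() can separate host and port.
    $parts = parse_url('http://' . trim($hostHeader));
    $host  = is_array($parts) && isset($parts['host']) ? strtolower($parts['host']) : '';
    $port  = is_array($parts) && isset($parts['port']) ? (int) $parts['port'] : null;

    // Unknown or malformed host: fall back to the configured primary host
    // instead of reflecting attacker-supplied input into a cacheable redirect.
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = PRIMARY_HOST;
        $port = null;
    }

    // Keep a non-default port; drop 80/443 since the target scheme is https.
    $keepPort = $port !== null && $port !== 80 && $port !== 443;
    $url = 'https://' . $host . ($keepPort ? ':' . $port : '');

    // The scheme is present before validation, so a well-formed host passes.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        throw new InvalidArgumentException('Refusing to redirect to an invalid base URL');
    }

    return $url;
}

// Constructed sample Host header values.
$samples = ['example.com', 'www.example.com:8443', 'attacker.test', 'example.com@attacker.test'];
foreach ($samples as $h) {
    printf("%-28s => %s\n", $h, secureBaseUrl($h));
}
```

The last two constructed values resolve to the primary host because the parsed host is not on the allowlist.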