[Ach] Redirect from HTTP to HTTPS and the big bad Host header - Github Pull #100
A. Schulze
sca at andreasschulze.de
Fri Apr  3 12:58:22 CEST 2015

Christian Mehlmauer:
> So using the $host variable should be avoided where possible in my opinion
+1
We currently do not know how to exploit that. But maybe one day ...
If a webserver should redirect (from A) to B, why should I trust that any
user really asked for A?
Just send the intended answer ...
No matter the encryption or other stuff. Simply don't use user input
where it's not needed.
Using $host has only one major benefit: it's easier to write/read in
documentation.
Andreas
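The point of the reply, as an added nginx configuration example that is not part of the thread or of the Ach/bettercrypto project: the first server block builds the redirect target from the client-supplied Host header via `$host`, so whatever a client sends as Host is echoed back in the Location header; the second block sends a fixed, operator-chosen target. The hostname `example.com` is a placeholder.

```nginx
# Added example (not from the mailing-list thread or the Ach project).
# Weak form: the redirect target is derived from the client's Host header.
# A request with "Host: attacker.example" is answered with
# "Location: https://attacker.example/..." because $host reflects that header.
server {
    listen 80;
    server_name example.com;   # placeholder
    return 301 https://$host$request_uri;
}

# Hardened form: the target host is fixed in the configuration.
# Only the request path ($request_uri) is carried over, which the
# redirect needs; the Host header no longer influences the answer.
server {
    listen 80;
    server_name example.com;   # placeholder
    return 301 https://example.com$request_uri;
}
```

Usage note: if the same block must serve several names, nginx's `$server_name` variable (the first name listed in `server_name`, i.e. a value from the configuration rather than from the request) can replace the literal hostname in the hardened form while keeping the same property. `$request_uri` is still request data; it is kept here only because a redirect that preserves the path needs it, and it should not be combined with further user-controlled parts.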