[Ach] Redirect from HTTP to HTTPS and the big bad Host header - Github Pull #100
azet at azet.org
Fri Apr 3 17:07:08 CEST 2015
Daniel Kahn Gillmor wrote:
> I think Hanno's argument was not that we should continue to recommend
> $host here, but that from a security perspective, the user relying on
> good configuration here is lost anyway.
Oh. Seems I misunderstood that message entirely.
> I agree with this, but it's a little frustrating that it makes the
> documentation harder to write cleanly.
> Would $server_name be an acceptable substitution?
Sure, that's a great idea and is doing exactly what we want here.
@Christian: would you be willing to update your PR with $server_name?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Ach