[Ach] Redirect from HTTP to HTTPS and the big bad Host header - Github Pull #100

Aaron Zauner azet at azet.org
Fri Apr 3 17:07:08 CEST 2015


Hi dkg,

Daniel Kahn Gillmor wrote:
> I think Hanno's argument was not that we should continue to recommend
> $host here, but that from a security perspective, the user relying on
> good configuration here is lost anyway.

Oh. Seems I misunderstood that message entirely.

> I agree with this, but it's a little frustrating that it makes the
> documentation harder to write cleanly.
> 
> Would $server_name be an acceptable substitution?
> 
> http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_name
> 

Sure, that's a great idea and is doing exactly what we want here.

@Christian: would you be willing to update your PR with $server_name?

Thanks,
Aaron
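
The substitution discussed in this message, shown as an added configuration example. It is not taken from the thread or from the pull request; the host names and the listen directive are assumptions made for illustration.

```nginx
# Constructed example: example.com and www.example.com are placeholder names.
# The two server blocks are alternatives; use one or the other, not both.

# Before: the redirect target is built from $host, which nginx fills from the
# request line or the client-supplied Host header.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

# After: $server_name is the name of the server block that accepted the
# request (the first name listed in server_name), so the redirect target
# comes from the configuration rather than from the request.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}
```

With several names in one server_name directive, $server_name always expands to the first one, so every redirect goes to that name. Give each name its own server block if the redirect has to keep the name the client asked for.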
