[Ach] Redirect from HTTP to HTTPS and the big bad Host header - Github Pull #100
Aaron Zauner
azet at azet.org
Fri Apr 3 17:07:08 CEST 2015
Hi dkg,
Daniel Kahn Gillmor wrote:
> I think Hanno's argument was not that we should continue to recommend
> $host here, but that from a security perspective, the user relying on
> good configuration here is lost anyway.
Oh. Seems I misunderstood that message entirely.
> I agree with this, but it's a little frustrating that it makes the
> documentation harder to write cleanly.
>
> Would $server_name be an acceptable substitution?
>
> http://nginx.org/en/docs/http/ngx_http_core_module.html#var_server_name
>
Sure, that's a great idea and is doing exactly what we want here.
@Christian: would you be willing to update your PR with $server_name?
Thanks,
Aaron
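
The substitution agreed on in this message, as an added example (not part of the original e-mail or of the pull request): a port-80 redirect block using `$server_name` where `$host` was used before. The hostname `example.org` and the catch-all block are assumptions for illustration.

```nginx
# Added example; example.org is a placeholder hostname (assumption).

# Catch-all for requests whose Host header matches no configured name.
# Without it, the first server block on this port would answer them.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send no response
}

server {
    listen 80;
    server_name example.org www.example.org;

    # Form under discussion: $host comes from the request line or the
    # client-supplied Host header, so the Location target follows client input.
    # return 301 https://$host$request_uri;

    # Substitution: $server_name is the name of the server block that accepted
    # the request (the first name listed in server_name), fixed by configuration.
    return 301 https://$server_name$request_uri;
}
```

With this block a request for `www.example.org` is redirected to `https://example.org/...`, because `$server_name` yields the primary name; use one server block per name if each name should redirect to itself.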