[
https://issues.apache.org/jira/browse/OFBIZ-11588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17077245#comment-17077245 ]
Jacques Le Roux edited comment on OFBIZ-11588 at 4/7/20, 1:41 PM:
------------------------------------------------------------------
Should we not care about security when using 0.0.0.0? When is it really needed instead of localhost or 127.0.0.1?
was (Author: jacques.le.roux):
Should we not care about security when using 0.0.0.0. When is it really needed instead of localhost or 127.0.0.1?
> Have 'host-headers-allowed' validation all local headers
> --------------------------------------------------------
>
> Key: OFBIZ-11588
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11588> Project: OFBiz
> Issue Type: Improvement
> Components: framework/security
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: CSRF, security
>
> The ip address 0.0.0.0 is missing from the list.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
