[ https://issues.apache.org/jira/browse/OFBIZ-11588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17236062#comment-17236062 ]
Daniel Watford commented on OFBIZ-11588:
----------------------------------------
Hi [~jleroux]
If this PR is merged then host-headers-allowed in security.properties will become:
{quote}host-headers-allowed=0.0.0.0,localhost
{quote}
Therefore we would need to update host-headers-allowed before deployment to demo environments.
Are the deployment scripts for the demo environments stored in the ofbiz-framework repo? If so, perhaps this PR should alter the deployment scripts to set host-headers-allowed as needed for the demo environments.
> Have 'host-headers-allowed' validation for all local headers
> ------------------------------------------------------------
>
> Key: OFBIZ-11588
> URL: https://issues.apache.org/jira/browse/OFBIZ-11588
> Project: OFBiz
> Issue Type: Improvement
> Components: framework/security
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: CSRF, security
>
> The IP address 0.0.0.0 is missing from the list.