This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit ecc4e84a956d6b87a2a4e064e1f614b78a9df0b7 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Jul 11 09:57:04 2020 +0200 Fixed: don't remove localhost from host-headers-allowed this was only for testing
---
 framework/security/config/security.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 8992fa1..fa64fa5 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -154,7 +154,7 @@ security.token.key=security.token.key
 # -- List of domains or IP addresses to be checked to prevent Host Header Injection,
 # -- no spaces after commas,no wildcard, can be extended of course...
-host-headers-allowed=127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
+host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
 # -- By default the SameSite value in SameSiteFilter is strict. This allows to change it to lax if needed
 SameSiteCookieAttribute=
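Review bot: The `host-headers-allowed` default on the added line ships `localhost`, `127.0.0.1` and the three `demo-*.ofbiz.apache.org` names, while the two comment lines above it only say the list "can be extended", so nothing tells an operator to narrow it. Because this list is what the Host Header Injection check compares against, an instance deployed with the file unchanged would presumably still accept those Host values. I would add a comment line above the property, for example `# -- Development/demo defaults: in production replace this list with only the host names this instance serves`. How the check treats a port suffix or letter case is not visible in this hunk, so if either matters it is worth stating in the same comment.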