This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
commit d0fceffadda57dbe6e87398c47b4a575bc33137d Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Jul 11 09:57:56 2020 +0200 Fixed: don't remove localhost from host-headers-allowed it was only for testing
---
 framework/security/config/security.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 8a1d353..bf1d075 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -154,7 +154,7 @@ security.token.key=security.token.key
 # -- List of domains or IP addresses to be checked to prevent Host Header Injection,
 # -- no spaces after commas,no wildcard, can be extended of course...
-host-headers-allowed=127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
+host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
 # -- By default the SameSite value in SameSiteFilter is 'strict'.
 # -- This property allows to change to 'lax' if needed.
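Review bot: The comment above `host-headers-allowed` does not say that the shipped entries (`localhost`, `127.0.0.1` and the three `demo-*.ofbiz.apache.org` hosts) are development and demo defaults, so an installation that keeps the file as-is would carry an allow-list that names none of its own hosts and still accepts loopback names in the Host header. I would add a line next to the existing two, for example `# -- localhost and 127.0.0.1 are for local development, the demo-* hosts for the ASF demos; replace this list with your own host names in production`. The code that reads this property is not visible in the hunk, but the existing "no spaces after commas" note suggests entries are compared verbatim, so it may also be worth stating whether a Host value with a port (`localhost:8443`) or different letter case is expected to match.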