volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More
AI OnAI Offsmart_toy

Host always read from Host-Header

Jan
Jan
Vote:
expand_less 0 expand_more

The Method EPiServer.Web.HttpContextExtensions.HostName is reading from the Host-Header instead of using the IRequestHostResolver, which might be a custom implementation.

The custom IRequestHostResolver might read the host from an X-Forwarded header

#257491
Jul 02, 2021 12:24
Jan
Jan
Vote:
expand_less 0 expand_more

ping - to bubble this topic up.

This is a real showstopper for us.

Any reaction would be appreciated.

#261755
Sep 06, 2021 15:37
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.