Details
-
Story
-
Resolution: Unresolved
-
Medium
-
3.3.29
-
Yes
Description
Ibexa is relying on the Host header for a number of things (like deciding on siteaccess and generating hrefs).
But Symfony or Ibexa DXP does not support the de-factor standard header X-Forwarded-Host (XFH) for identifying the original host requested by the client in the Host HTTP request header.
The use of this XFH header can be needed in production environment where there is a good mix of load balancers, HTTP caches and web servers and where the requests ending up on the webserver cannot contain the original Host header value due to infrastructure design.