_ #41
Comments
|
Not all browsers guarantee HTTP_HOST will be populated with a value |
|
what "wrong" value is $_SERVER['SERVER_NAME'] containing in your case? If it's an IP adress, it might be the same issue as mentioned in #31 |
|
see this thread for an excellent explanation of the differences http://stackoverflow.com/questions/2297403/http-host-vs-server-name |
from the "advertisement" on SO:The HTTP_HOST is obtained from the HTTP request header and this is what the client actually used as "target host" of the request. The SERVER_NAME is defined in server config. Which one to use depends on what you need it for. You should now however realize that the one is a client-controlled value which may thus not be reliable for use in business logic and the other is a server-controlled value which is more reliable. You however need to ensure that the webserver in question has the SERVER_NAME correctly configured. Taking Apache HTTPD as an example, here's an extract from its documentation: |
ghost
closed this as
|
this is surprising to me! you claim this discussion is going in a non-sensical direction, but we are trying to show you that you are suggesting changing code that currently works as it should. There is a difference between SERVER_NAME, (configured on the server) versus HTTP_HOST (a property of a browser header sent to the server), and your suggested change will cause problems for the 99% of us. . |
|
HTTP_HOST is simply the wrong solution for this. This is what I implemented in 2.0.11:
|
|
It just means that if the SERVER_NAME doesn't have any domain name and it's not an IP address, there's no sense in limiting the cookie to the singular host/machine name like say "localhost" in a development environment. |
|
Invalid. Won't fix. |
|
@stehlo You can rewrite this setting at the top of your bootstrap code with F3::set('JAR.domain','example.com'); |
_
The text was updated successfully, but these errors were encountered: