-
Notifications
You must be signed in to change notification settings - Fork 446
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
_ #41
Comments
Not all browsers guarantee HTTP_HOST will be populated with a value |
what "wrong" value is $_SERVER['SERVER_NAME'] containing in your case? If it's an IP adress, it might be the same issue as mentioned in #31 |
see this thread for an excellent explanation of the differences http://stackoverflow.com/questions/2297403/http-host-vs-server-name |
from the "advertisement" on SO:The HTTP_HOST is obtained from the HTTP request header and this is what the client actually used as "target host" of the request. The SERVER_NAME is defined in server config. Which one to use depends on what you need it for. You should now however realize that the one is a client-controlled value which may thus not be reliable for use in business logic and the other is a server-controlled value which is more reliable. You however need to ensure that the webserver in question has the SERVER_NAME correctly configured. Taking Apache HTTPD as an example, here's an extract from its documentation: |
this is surprising to me! you claim this discussion is going in a non-sensical direction, but we are trying to show you that you are suggesting changing code that currently works as it should. There is a difference between SERVER_NAME, (configured on the server) versus HTTP_HOST (a property of a browser header sent to the server), and your suggested change will cause problems for the 99% of us. . |
HTTP_HOST is simply the wrong solution for this. This is what I implemented in 2.0.11:
|
It just means that if the SERVER_NAME doesn't have any domain name and it's not an IP address, there's no sense in limiting the cookie to the singular host/machine name like say "localhost" in a development environment. |
Invalid. Won't fix. |
@stehlo You can rewrite this setting at the top of your bootstrap code with F3::set('JAR.domain','example.com'); |
_
The text was updated successfully, but these errors were encountered: