You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Koken uses $_SERVER['HTTP_HOST'] as a base for building URL for assets and links. Depending on how Koken is hosted this can vary from the actual public hostname and lead to several issues. Additionally the variable can be altered by requests with the host header[1].
A possible solution would be to respect $config['base_url'] and set it in case no config for it is provided.
Koken uses
$_SERVER['HTTP_HOST']
as a base for building URL for assets and links. Depending on how Koken is hosted this can vary from the actual public hostname and lead to several issues. Additionally the variable can be altered by requests with the host header[1].A possible solution would be to respect
$config['base_url']
and set it in case no config for it is provided.[1] https://expressionengine.com/blog/http-host-and-server-name-security-issues
The text was updated successfully, but these errors were encountered: