Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proper handling for default ports in auth stripping #4851

Merged
merged 1 commit into from Oct 29, 2018

Conversation

nateprewitt
Copy link
Member

This is an attempt to address the default port issues presented in #4850. Our recent changes around auth stripping to handle downgrade attacks in #4718 broke compatibility for cases like http://example.com:80 -> http://example.com. This will allow the use of "default" ports and no port interchangeably.

If you get a moment @sigmavirus24, I'd like a second pair of eyes on this. I'm not ecstatic about continuing to expand this function, but I don't think there's an easier simplification of what we have.

@sigmavirus24 sigmavirus24 merged commit eaab47f into master Oct 29, 2018
@sigmavirus24 sigmavirus24 deleted the default_port_handling branch October 29, 2018 12:56
@rishabh5j
Copy link

@nateprewitt : hi nate. version bump not required?

@nateprewitt
Copy link
Member Author

@rishabh5j, this will be in the next release, likely 2.20.1.

@rishabh5j
Copy link

@nateprewitt : thanks i can see its version upped now.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 1, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants