Skip to content
Permalink
Browse files Browse the repository at this point in the history
Placeholder for site.uri.public in production
  • Loading branch information
Silic0nS0ldier committed Dec 12, 2021
1 parent ccaf4de commit 796dd78
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## Unreleased

### Security
- Added placeholder URL for `site.uri.public` in configuration to guard against Host Header Injection attacks by default in production.

## [v4.6.2]

### Changes
Expand Down
3 changes: 3 additions & 0 deletions app/sprinkles/core/config/production.php
Expand Up @@ -52,6 +52,9 @@
'ajax' => false,
'info' => false,
],
'uri' => [
'public' => 'https://example.com',
],
],
/*
* Send errors to log
Expand Down

0 comments on commit 796dd78

Please sign in to comment.