https://bz.apache.org/bugzilla/show_bug.cgi?id=57665
--- Comment #9 from Stefan Fussenegger <s...@molindo.at> --- There are other scenarios than "an intervening reverse-proxy". One example would be a CDN that use the Host header of the backend and adds the original value as X-Forwarded-Host. (e.g. "Host: origin.example.com" and "X-Fowarded-Host: cdn.example.com"). Some applications running on "origin.example.com" will then use the Host header to create absolute links and redirects to "origin.example.com" which isn't wanted. The easiest workaround is to hide the real value of the "Host" header and use "X-Forwarded-Host" instead - which is what this patch is doing. see http://stackoverflow.com/questions/19084340/real-life-usage-of-the-x-forwarded-host-header for more examples -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
