https://bz.apache.org/bugzilla/show_bug.cgi?id=57665

--- Comment #9 from Stefan Fussenegger <s...@molindo.at> ---
There are other scenarios than "an intervening reverse-proxy". One example
would be a CDN that uses the Host header of the backend and adds the original
value as X-Forwarded-Host. (e.g. "Host: origin.example.com" and
"X-Forwarded-Host: cdn.example.com"). Some applications running on
"origin.example.com" will then use the Host header to create absolute links and
redirects to "origin.example.com" which isn't wanted. The easiest workaround is
to hide the real value of the "Host" header and use "X-Forwarded-Host" instead
- which is what this patch is doing.


See
http://stackoverflow.com/questions/19084340/real-life-usage-of-the-x-forwarded-host-header
for more examples.

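The CDN scenario from the comment above, as an added example that is not part of the original message or of the Tomcat patch: a Python model of choosing the host for absolute links and redirects, where X-Forwarded-Host replaces Host only when the TCP peer is a known proxy and the forwarded name is on an allowlist. The proxy range, the allowlist and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed values for illustration; none of them come from the bug report.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed CDN egress range
ALLOWED_HOSTS = {"cdn.example.com", "origin.example.com"}   # names the app may emit
HOST_RE = re.compile(r"^[a-z0-9.-]+(:\d{1,5})?$")           # host with optional port


def is_trusted_peer(remote_addr):
    """True if the TCP peer is a proxy allowed to set X-Forwarded-Host."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_host(remote_addr, headers):
    """Return the host to use in absolute links and redirects.

    headers is a dict keyed by lower-cased header names.
    """
    host = headers.get("host", "").strip().lower()
    forwarded = headers.get("x-forwarded-host", "")
    if forwarded and is_trusted_peer(remote_addr):
        # Chained proxies may append values as a comma-separated list;
        # this example assumes the first entry is the client-facing host.
        candidate = forwarded.split(",")[0].strip().lower()
        name = candidate.rsplit(":", 1)[0] if ":" in candidate else candidate
        if HOST_RE.match(candidate) and name in ALLOWED_HOSTS:
            return candidate
    # Untrusted peer, missing header or unknown name: keep the real Host value.
    return host


def redirect_url(remote_addr, headers, path, scheme="https"):
    """Build the absolute redirect target the application would send."""
    return f"{scheme}://{effective_host(remote_addr, headers)}{path}"


# Constructed sample requests: (peer address, request headers).
VIA_CDN = ("203.0.113.10", {"host": "origin.example.com",
                            "x-forwarded-host": "cdn.example.com"})
DIRECT_SPOOFED = ("198.51.100.7", {"host": "origin.example.com",
                                   "x-forwarded-host": "attacker.example.net"})
CDN_UNKNOWN_NAME = ("203.0.113.10", {"host": "origin.example.com",
                                     "x-forwarded-host": "attacker.example.net"})
```

A client that reaches the origin directly can send any X-Forwarded-Host it likes, which is why the header is honoured here only for peers in the trusted range and only for allowlisted names.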