chenyu-opensource commented on PR #43169: URL: https://github.com/apache/spark/pull/43169#issuecomment-1752228156
> There is still no explanation of what problem this solves

An HTTP Host header attack is a network security vulnerability that utilizes the "Host" header in HTTP requests. The Host header in the HTTP protocol is used to identify the target server of the HTTP request, indicating which host name or IP address the client wants to access the web application. If the server directly trusts the Host header without verifying its legitimacy, an attacker may use this controllable variable to inject the Host and manipulate the server's behavior. This PR used a whitelist method to solve this problem.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
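
An allowlist check of the kind the comment describes, as an added example that is not part of the comment or of the PR's code. The hostnames, ports and the `validate_host` / `handle` helpers are hypothetical and constructed for illustration.

```python
import re

# Constructed allowlist; hostnames and ports are placeholders for this example.
ALLOWED_HOSTS = {("spark-ui.example.internal", 4040), ("localhost", 4040), ("[::1]", 4040)}
DEFAULT_PORT = 80  # assumption: plain-HTTP listener when the header carries no port

# Host = reg-name / IPv4 literal, or a bracketed IPv6 literal, optionally followed by :port.
_HOST_RE = re.compile(r"(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?")


def validate_host(header_values, allowed=ALLOWED_HOSTS, default_port=DEFAULT_PORT):
    """Return the canonical (host, port) if the Host header is allowlisted, else None.

    header_values: every Host header value received; a request must carry exactly one.
    """
    if len(header_values) != 1:
        return None  # missing or duplicated Host header is ambiguous: reject
    # fullmatch rejects whitespace, userinfo ('@'), paths, commas and trailing newlines.
    match = _HOST_RE.fullmatch(header_values[0])
    if match is None:
        return None
    # Host names are case-insensitive and may carry a trailing root dot.
    host = match.group("host").lower().rstrip(".")
    port = int(match.group("port")) if match.group("port") else default_port
    candidate = (host, port)
    return candidate if candidate in allowed else None


def handle(header_values):
    """Hypothetical request handler: status code plus the base URL used for links."""
    canonical = validate_host(header_values)
    if canonical is None:
        return 400, None
    host, port = canonical
    # Build redirects and absolute links from the allowlisted value,
    # never from the raw header text supplied by the client.
    return 200, f"http://{host}:{port}/"
```

Rejecting with 400 before any routing or link generation keeps the client-supplied value out of redirects, absolute URLs and cache keys.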
