网络营销电子商务研究中心

网络营销电子商务研究中心 (https://www.0058.net/index.php)
-   Drupal (https://www.0058.net/forumdisplay.php?f=67)
-   -   Drupal 8 New setting for trusted hostname configuration (https://www.0058.net/showthread.php?t=5355)

Oak Forest 2015-12-03 02:31 PM
Drupal 8 New setting for trusted hostname configuration
 
Description:



It is possible to spoof the HTTP Host header for nefarious purposes, and trick Drupal into using a different domain name in several subsystems (particularly link generation). The Symfony framework provides a trusted host mechanism, where site administrators can whitelist hostnames. This mechanism can now be configured through settings.php.

$settings['trusted_host_patterns']

$settings['trusted_host_patterns'] should be an array of regular expression patterns, without delimiters, representing the hosts you would like to allow.

Examples

If a site is run off of a single, canonical domain, then

Code:
$settings['trusted_host_patterns'] = array(
  '^www\.example\.com$',
);
will allow the site to only run from www.example.com. If you need to run a site off of multiple domains, and are not doing canonical URL redirection, then

Code:
$settings['trusted_host_patterns'] = array(
  '^example\.com$',
  '^.+\.example\.com$',
  '^example\.org',
  '^.+\.example\.org',
);
will allow the site to run off of all variants of example.com and example.org, with all subdomains included.


All times are GMT +8. The time now is 10:43 AM.

Powered by vBulletin Version 3.8.7
Copyright ©2000 - 2026, Jelsoft Enterprises Ltd.