diff options
Diffstat (limited to 'user_guide_src/source')
-rw-r--r-- | user_guide_src/source/changelog.rst | 1 | ||||
-rw-r--r-- | user_guide_src/source/general/environments.rst | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index f57e244b1..909c3bc3c 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -503,6 +503,7 @@ Release Date: Not Released - Removed internal method ``_assign_to_config()`` and moved its implementation to *CodeIgniter.php* instead. - ``item()`` now returns NULL instead of FALSE when the required config item doesn't exist. - Added an optional second parameter to both ``base_url()`` and ``site_url()`` that allows enforcing of a protocol different than the one in the *base_url* configuration setting. + - Added HTTP "Host" header character validation to prevent cache poisoning attacks when ``base_url`` auto-detection is used. - :doc:`Security Library <libraries/security>` changes include: diff --git a/user_guide_src/source/general/environments.rst b/user_guide_src/source/general/environments.rst index d74ebb8d5..1ce4fde3a 100644 --- a/user_guide_src/source/general/environments.rst +++ b/user_guide_src/source/general/environments.rst @@ -20,7 +20,7 @@ the value provided in ``$_SERVER['CI_ENV']``, otherwise defaults to This server variable can be set in your .htaccess file, or Apache config using `SetEnv <https://httpd.apache.org/docs/2.2/mod/mod_env.html#setenv>`_. Alternative methods are available for nginx and other servers, or you can -remove this logic entirely and set the constant based on the HTTP_HOST or IP. +remove this logic entirely and set the constant based on the server's IP address. In addition to affecting some basic framework behavior (see the next section), you may use this constant in your own development to |