
Parsing of X-Forwarded-For style HTTP headers should be disabled by default

Open guusdk opened this issue 2 years ago • 0 comments

The REST API parses "X-Forwarded-For" headers by default. Instead, it should do so only when explicitly configured to do so. This reduces the attack surface of an abuse vector.

guusdk, Nov 14 '23 16:11
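
An added illustration of the behaviour the issue asks for, not code from the plugin or from Openfire: the class name, the `forwardedHeadersEnabled` setting and the trusted-proxy allowlist are assumptions. The resolver ignores `X-Forwarded-For` unless an administrator has opted in and the direct peer is a known proxy.

```java
import java.util.List;
import java.util.Set;

// Added example with hypothetical names; not Openfire or REST API plugin code.
public class ClientAddressResolver {
    private final boolean forwardedHeadersEnabled; // assumed setting; false unless an admin opts in
    private final Set<String> trustedProxies;      // assumed allowlist of reverse-proxy addresses

    public ClientAddressResolver(boolean forwardedHeadersEnabled, Set<String> trustedProxies) {
        this.forwardedHeadersEnabled = forwardedHeadersEnabled;
        this.trustedProxies = trustedProxies;
    }

    /** Returns the address that access checks and logs should attribute the request to. */
    public String resolve(String remoteAddr, String xForwardedFor) {
        // Default: ignore the header and use the TCP peer address.
        if (!forwardedHeadersEnabled || xForwardedFor == null || xForwardedFor.isBlank()) {
            return remoteAddr;
        }
        // A peer that is not a known proxy has no standing to assert another address.
        if (!trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Walk right to left: the right-most entries were appended by our own proxies.
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // every hop was a trusted proxy
    }

    public static void main(String[] args) {
        // Constructed sample values from the documentation address ranges.
        String proxy = "192.0.2.10";
        String header = "198.51.100.99, 203.0.113.7"; // left-most entry is whatever the client sent
        ClientAddressResolver off = new ClientAddressResolver(false, Set.of(proxy));
        ClientAddressResolver on = new ClientAddressResolver(true, Set.of(proxy));
        for (String peer : List.of(proxy, "198.51.100.23")) {
            System.out.println(peer + " default=" + off.resolve(peer, header)
                    + " opted-in=" + on.resolve(peer, header));
        }
    }
}
```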