Marat Vyshegorodtsev

Having the same issue. It looks like there is code specifically for this issue, but it does not work for some reason: https://github.com/envygeeks/jekyll-assets/blob/ce5c8cc43df9911e0788f06423a27375ee67c00f/lib/jekyll/assets/utils.rb#L233

@dougwilson Thank you for a prompt response. `X-Forwarded-Proto` unlike security-critical headers such as `X-Forwarded-For` does not enable any attacks other than potential self-exploitation. Please let me know if I am...

@dougwilson yes, an opt-in configuration would help. Actually, it makes more sense, as it is a non-standard header. As for security implication (not for the sake of argument), I do...

I think it is better to keep the number of false positives to the minimum. So if some rule is producing noise, it is a good candidate for demotion. Side...