Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit2c280ba

Browse files
committed
minor#10138 Fix docs on trusted hosts (fabpot)
This PR was squashed before being merged into the 2.8 branch (closes#10138).Discussion----------Fix docs on trusted hostsTrusted hosts are always regular expressions.Commits-------e2744ad Fix docs on trusted hosts
2 parents8247d44 +e2744ad commit2c280ba

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

‎reference/configuration/framework.rst‎

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -379,16 +379,16 @@ method might be vulnerable to some of these attacks because it depends on
379379
the configuration of your web server. One simple solution to avoid these
380380
attacks is to whitelist the hosts that your Symfony application can respond
381381
to. That's the purpose of this ``trusted_hosts`` option. If the incoming
382-
request's hostname doesn't match one in this list, the application won't
383-
respond and the user will receive a500 response.
382+
request's hostname doesn't match oneof the regular expressionsin this list,
383+
the application won'trespond and the user will receive a400 response.
384384

385385
..configuration-block::
386386

387387
..code-block::yaml
388388
389389
# app/config/config.yml
390390
framework:
391-
trusted_hosts:['example.com', 'example.org']
391+
trusted_hosts:['^example\.com$', '^example\.org$']
392392
393393
..code-block::xml
394394
@@ -402,8 +402,8 @@ respond and the user will receive a 500 response.
402402
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
403403
404404
<framework:config>
405-
<framework:trusted-host>example.com</framework:trusted-host>
406-
<framework:trusted-host>example.org</framework:trusted-host>
405+
<framework:trusted-host>^example\.com$</framework:trusted-host>
406+
<framework:trusted-host>^example\.org$</framework:trusted-host>
407407
<!-- ...-->
408408
</framework:config>
409409
</container>
@@ -412,17 +412,17 @@ respond and the user will receive a 500 response.
412412
413413
// app/config/config.php
414414
$container->loadFromExtension('framework', array(
415-
'trusted_hosts' => array('example.com', 'example.org'),
415+
'trusted_hosts' => array('^example\.com$', '^example\.org$'),
416416
));
417417
418-
Hosts can also be configuredusing regular expressions (e.g. ``^(.+\.)?example.com$``),
419-
which make it easier to respond to any subdomain.
418+
Hosts can also be configuredto respond to any subdomain, via
419+
``^(.+\.)?example\.com$`` for instance.
420420

421421
In addition, you can also set the trusted hosts in the front controller
422422
using the ``Request::setTrustedHosts()`` method::
423423

424424
// web/app.php
425-
Request::setTrustedHosts(array('^(.+\.)?example.com$', '^(.+\.)?example.org$'));
425+
Request::setTrustedHosts(array('^(.+\.)?example\.com$', '^(.+\.)?example\.org$'));
426426

427427
The default value for this option is an empty array, meaning that the application
428428
can respond to any given host.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp