mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-29 20:59:23 +02:00
Update secure coding standards
As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.
This commit is contained in:
parent
f788a8a927
commit
7083f016c1
@ -697,9 +697,7 @@ following in your .htaccess to ensure this behaviour is activated.
|
||||
</IfModule>
|
||||
```
|
||||
|
||||
In a future release this behaviour will be changed to be on by default, and this environment
|
||||
variable will be no longer necessary, thus it will be necessary to always set
|
||||
`SS_TRUSTED_PROXY_IPS` if using a proxy.
|
||||
As of SilverStripe 4, this behaviour is on by default, and the environment variable is no longer required. For correct operation, it is necessary to always set `SS_TRUSTED_PROXY_IPS` if using a proxy.
|
||||
|
||||
## Secure Sessions, Cookies and TLS (HTTPS)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user