Merge pull request #9229 from silverstripe/pulls/secure-coding-docs

Update secure coding standards
This commit is contained in:
Robbie Averill 2019-09-09 18:34:36 -07:00 committed by GitHub
commit b6fb6a6461
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -697,9 +697,7 @@ following in your .htaccess to ensure this behaviour is activated.
</IfModule>
```
In a future release this behaviour will be changed to be on by default, and this environment
variable will be no longer necessary, thus it will be necessary to always set
`SS_TRUSTED_PROXY_IPS` if using a proxy.
As of SilverStripe 4, this behaviour is on by default, and the environment variable is no longer required. For correct operation, it is necessary to always set `SS_TRUSTED_PROXY_IPS` if using a proxy.
## Secure Sessions, Cookies and TLS (HTTPS)