Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
1
-
Description
NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.
There is an issue in server instances of Confluence caused by arbitrary HOST header of redirection. There have been a number of security issues in non-atlassian software caused by using the HOST header of an incoming request. Therefore, this suggestion issue to request that when Confluence sees a request with a HOST header that does not match the instance's server url to redirect the request to the server url.
Attachments
Issue Links
- is related to
-
CONFSERVER-39636 Redirect requests that have a different HOST header than what is configured to the correct (configured) server url.
- Closed
- relates to
-
JRACLOUD-44574 Redirect requests that have a different HOST header than what JIRA is configured to serve for to the correct (configured) JIRA server url.
- Closed