Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-39636

Redirect requests that have a different HOST header than what is configured to the correct (configured) server url.

    XMLWordPrintable

Details

    • 1
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      There is an issue in server instances of Confluence caused by arbitrary HOST header of redirection. There have been a number of security issues in non-atlassian software caused by using the HOST header of an incoming request. Therefore, this suggestion issue to request that when Confluence sees a request with a HOST header that does not match the instance's server url to redirect the request to the server url.

      Attachments

        Issue Links

          relates to

          Suggestion - JRASERVER-44574 Redirect requests that have a different HOST header than what JIRA is configured to serve for to the correct (configured) JIRA server url.

          • Closed

          Suggestion - CONFCLOUD-39636 Redirect requests that have a different HOST header than what is configured to the correct (configured) server url.

          • Gathering Interest

          CSP-181918 Loading...

          links to

          Web Link SecuritySD SEC-486

          mentioned in

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              f7daba91b15c Koen Gillard
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: