From 6327c066f1382431522d7fb22eded130f824d81d Mon Sep 17 00:00:00 2001 From: Continuous integration Date: Fri, 1 Nov 2024 15:12:56 +0000 Subject: [PATCH] Upgrade to master --- CONST_CHANGELOG.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CONST_CHANGELOG.txt b/CONST_CHANGELOG.txt index 357ffc928..1544b6c80 100644 --- a/CONST_CHANGELOG.txt +++ b/CONST_CHANGELOG.txt @@ -35,7 +35,8 @@ Information Now everywhere: - If the hostname (with port) of the candidate URL equals to the request's header "Host", then it's OK. - If the hostname (with port) of the candidate URL is in the allowed list, then it's OK. - And they should be netloc (hostname with port) without schema or path. + And they should be netloc (hostname with port) without schema or path + (if schema or path is present they are ignored). The `vars.allowed_hosts` is added to allowed only some authorized host. 2. We replace checks (formatting) done by `c2cciutils` by `pre-commit` hooks.