2017-12-14 11:00:46 +00:00
|
|
|
|
|
|
|
|
=== Host
|
|
|
|
|
|
2018-08-13 11:37:33 +00:00
|
|
|
{project_name} uses the public hostname for a number of things. For example, in the token issuer fields and URLs sent in
|
|
|
|
|
password reset emails.
|
2017-12-14 11:00:46 +00:00
|
|
|
|
2018-08-13 11:37:33 +00:00
|
|
|
By default, the hostname is based on the request headers and there is no check to make sure this hostname is valid.
|
2017-12-14 11:00:46 +00:00
|
|
|
|
|
|
|
|
If you are not using a load balancer or proxy in front of {project_name} that prevents invalid host headers, you must
|
2018-08-13 11:37:33 +00:00
|
|
|
explicitly configure what hostnames should be accepted.
|
2017-12-14 11:00:46 +00:00
|
|
|
|
2019-11-11 12:29:55 +00:00
|
|
|
The Hostname SPI provides a way to configure the hostname for a request. The out of the box provider allows setting
|
|
|
|
|
a fixed URL for frontend requests, while allowing backend requests to be based on the request URI. It is also possible
|
|
|
|
|
to develop your own provider in the case the built-in provider does not provide the functionality needed.
|
