abdulsalam3105 opened a new issue, #12064:
URL: https://github.com/apache/trafficserver/issues/12064
I have a plug-in info in header_rewrite.config which contains
cond %{SEND_REQUEST_HDR_HOOK}
set-header Host "trafficserfqdn
Which is most important in my setup because in remap I specify iHS as origin
which is behind my application.
Due to change in this version. It doesn’t consider info in config file.
Request send to my authserver and remap executed before plug-in executes
And authserver reruns redirect uri as IhS url instead of traffic server url
and it leads csrf attack
Any solution to execute plug-in first
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
