You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, there is a hard-coded list of headers which are available on the connection. I think this should be configurable. Or at least all x- prefixed headers should be available.
I am trying to use Meteor with Sandstorm and the latter sends quite some information in proxied requests in headers with x- prefix. Currently all that is not accessible. :-(
The text was updated successfully, but these errors were encountered:
The problem with cookies also applies to the X-Sandstorm headers. The fact that they are added server-side by a reverse proxy does not make them any more trustworthy than cookies. In fact, the proxy derives these headers from a cookie. You should not whitelist them.
Currently, there is a hard-coded list of headers which are available on the connection. I think this should be configurable. Or at least all
x-
prefixed headers should be available.I am trying to use Meteor with Sandstorm and the latter sends quite some information in proxied requests in headers with
x-
prefix. Currently all that is not accessible. :-(The text was updated successfully, but these errors were encountered: