Thread: Calibre Content Server Security?
View Single Post
Old 04-20-2018, 11:59 AM   #3
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 45,400
Karma: 27756918
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
I looked up the spec and apparently absolute URIs in request lines are perfectly valid, so i cannot change the server to reject them. But, as I said, there is no security implication, from the server's point of view:

GET http://whaterver.com/some/path

is exactly the same as

GET /some/path

this is so because the server has no way to know its own domain name, if any, so it cannot tell if whatever.com is actually a valid host name for itself.
kovidgoyal is offline   Reply With Quote