express icon indicating copy to clipboard operation
express copied to clipboard
Published 4 weeks ago verified publisher icon expressjs

test: add test for ignoring comma-separated X-Forwarded-Host when trust proxy disabled

Open Ayoub-Mabrouk opened this issue 2 months ago • 0 comments

Verify that req.host ignores comma-separated X-Forwarded-Host values when trust proxy is disabled, ensuring security by using Host header instead of potentially malicious forwarded headers

Ayoub-Mabrouk avatar Nov 10 '25 21:11 Ayoub-Mabrouk