Additionally request variable SERVER_NAME

[EdMueller]

$this->app->request ()->host results in $_SERVER['HTTP_HOST'], which could be forged from outside.

Could you add a new variable e.g "servername" with $this->app->request ()->servername, which delivers the content of $_SERVER['SERVER_NAME']?

CAUTION: Note: Under Apache 2, UseCanonicalName = On and ServerName must be set. Otherwise, this value reflects the hostname supplied by the client, which can be spoofed. It is not safe to rely on this value in security-dependent contexts.

[n0nag0n]

Hey there,

I mean I could do that. You also have a couple options to approach this with.

You could extend the Request class and add it in yourself and then register that class. Something like:

// utils/MyRequest.php

class MyRequest extends flight\net\Request {

    protected string $servername

    public function init(array $properties = []): self
        $properties['servername'] = self::getVar('SERVER_NAME');
        parent::init($properties);
    }
}

// index.php or wherever
Flight::register('request', MyRequest::class);

You also could just use Request::getVar('SERVER_NAME') in your code to pull that value out as well.

I'll consider putting this in a future release though.

[n0nag0n]

This will be merged in next version #651