epriestley fc950140b4 Blanket reject request which may have been poisoned by a "Proxy" header to mitigate the httpoxy vulnerability ... Summary: See accompanying discussion in T11359. As far as I can tell we aren't vulnerable, but subprocesses could be (now, or in the future). Reject any request which may have a `Proxy:` header. This will also do a false-positive reject if `HTTP_PROXY` is defined in the environment, but this is likely a misconfiguration (cURL does not read it). I'll provide guidance on this. Test Plan: - Made requests using `curl -H Proxy:...`, got rejected. - Made normal requests, got normal pages. Reviewers: chad, avivey Reviewed By: avivey Differential Revision: https://secure.phabricator.com/D16318		2016-07-21 20:18:06 -07:00
..
aphlict/server	Support Aphlict clustering	2016-04-14 13:26:30 -07:00
bin	Ignore and README for support/bin	2013-04-03 12:58:39 -07:00
empty	Various linter fixes.	2014-02-26 12:44:58 -08:00
lint	Swap charts from gRaphael to D3	2016-02-01 10:36:59 -08:00
phame	Delete license headers from files	2012-11-05 11:16:51 -08:00
PhabricatorStartup.php	Blanket reject request which may have been poisoned by a "Proxy" header to mitigate the httpoxy vulnerability	2016-07-21 20:18:06 -07:00