by adrianmonk 645 days ago
> yet another header with just the list of internal headers

Or the same but with a list of headers which AREN'T internal.

You'll probably have a custom header-adding function that people should always use instead of the regular one. And this way, if someone forgets to use it, their header will get stripped.

You can think of a header escaping the internal network as something that needs to be authorized. This is a deny-by-default approach.

1 comment

Ah yes - perfect.
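
The deny-by-default scheme from adrianmonk's comment above, sketched as an added example (not code from the thread or from any participant). The meta-header name `X-Egress-Allow` and the helpers `add_external_header` and `strip_at_edge` are assumptions made for illustration; headers are modeled as a list of `(name, value)` pairs.

```python
# Added illustration: all names here are hypothetical, not from the thread.
ALLOW_HEADER = "X-Egress-Allow"  # meta-header listing headers cleared to leave


def _allowed_names(headers):
    """Collect the lowercased names listed in every allow-list header value."""
    names = set()
    for key, value in headers:
        if key.lower() == ALLOW_HEADER.lower():
            names.update(n.strip().lower() for n in value.split(",") if n.strip())
    return names


def add_external_header(headers, name, value):
    """The custom header-adding function: set a header AND authorize its egress."""
    if name.lower() == ALLOW_HEADER.lower():
        raise ValueError("the allow-list header itself can never be exported")
    if any(c in name + value for c in "\r\n"):
        raise ValueError("CR/LF is not permitted in a header name or value")
    headers.append((name, value))
    headers.append((ALLOW_HEADER, name))


def strip_at_edge(headers):
    """Edge-proxy step: keep only authorized headers, drop the allow-list too."""
    allowed = _allowed_names(headers)
    allowed.discard(ALLOW_HEADER.lower())  # never leak the list, even if listed
    return [(k, v) for k, v in headers if k.lower() in allowed]


if __name__ == "__main__":
    # Constructed sample response built by an internal service.
    resp = []
    add_external_header(resp, "Content-Type", "text/html")
    resp.append(("X-Internal-User-Id", "42"))  # developer forgot the helper
    add_external_header(resp, "X-Request-Id", "abc")
    for name, value in strip_at_edge(resp):
        print(f"{name}: {value}")
```

In this sketch every header meant for the outside, standard ones included, has to go through `add_external_header`; anything appended directly is dropped at the edge without the developer having to remember to mark it internal.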