Slider Revolution - YouTube Video Will Not Play

rad · November 18, 2017, 1:00am

Hi there,

The SERVER_NAME is more reliable than HTTP_HOST, but yes, dependent to host configuration. But, it’s host responsibility to configure and provide proper information to the application running from its own environment.

Maybe your definition of safe is about usability and availability, but with safe as security, it’s safer to use SERVER_NAME since your host can enforce it regardless of who’s sending the request. While HTTP_HOST is something sent over the header, which the remote end could craft a value for HTTP_POST that isn’t your domain. Both are vulnerable, but at least the first one is host controlled.

Thanks for sharing.

sAustinPower · November 19, 2017, 12:43am

Thanks Rad - understand your reasoning here. I would still like this updated to HTTP_HOST if at all possible, however.

ruenel · November 19, 2017, 7:20am

Hello There,

No problem. We’re just glad that you were able to figure that out. We can submit this to the issue tracker of the Revolution Slider plugin so the developers of this plugin will be made aware of it.

Thank you.

system · November 29, 2017, 7:24am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

christian · April 18, 2019, 8:58am