-
Committer:
Marius Gedminas
-
Date:
2018-01-28 09:46:15 UTC
-
Revision ID:
git-v1:ef8d9e155dc4f4ca934bd5aa26ab36fb94b6e89b
Protect against DNS rebinding attacks
Fixes #51.
The --allowed-hosts command-line argument is underdocumented (I don't
mention that the values should be space or comma-separated, nor that
glob-style wildcards * and ? are allowed).
I was unable to convince restview to listen on IPv6, so I don't know
whether ::1 or [::1] or ip6-localhost should be in the default
allowed_hosts list.