Cisco Certified Network Associate Exam,640-802 CCNA All Answers ~100/100. Daily update
Popular posts from this blog
I am using the slimScroll plugin for jQuery by Piotr Rochala Which is a great plugin for nice scrollbars on most browsers but I am stuck because I am using it for a chat box and whenever the user appends new text to the boxit does scroll using the .scrollTop() method however the plugin's scrollbar doesnt scroll with it and when the user wants to look though the chat history it will start scrolling from near the top. I have made a quick demo of my situation http://jsfiddle.net/DY9CT/2/ Does anyone know how to solve this problem?
The page I am working on has a javascript function executed to print parts of the page. For some reason, printing in Safari, causes the window to somehow update. I say somehow, because it does not really refresh as in reload the page, but rather it starts the "rendering" of the page from start, i.e. scroll to top, flash animations start from 0, and so forth. The effect is reproduced by this fiddle: http://jsfiddle.net/fYmnB/ Clicking the print button and finishing or cancelling a print in Safari causes the screen to "go white" for a sec, which in my real website manifests itself as something "like" a reload. While running print button with, let's say, Firefox, just opens and closes the print dialogue without affecting the fiddle page in any way. Is there something with my way of calling the browsers print method that causes this, or how can it be explained - and preferably, avoided? P.S.: On my real site the same occurs with Chrome. In the ex
- Get link
- Other Apps
HTTP_HOST is the target host sent by the client. It can be manipulated freely by the user. It's no problem to send a request to your site asking for a HTTP_HOST value of www.stackoverflow.com.
ReplyDeleteSERVER_NAME comes from the server's VirtualHost definition and is therefore considered more reliable. It can, however, also be manipulated from outside under certain conditions related to how your web server is set up: See this This SO question that deals with the security aspects of both variations.
You shouldn't rely on either to be safe. That said, what to use really depends on what you want to do. If you want to determine which domain your script is running on, you can safely use HTTP_HOST as long as invalid values coming from a malicious user can't break anything.
Depends what I want to find out. SERVER_NAME is the host name of the server, whilst HTTP_HOST is the virtual host that the client connected to.
ReplyDeleteif you want to check through a server.php or what ever you want to call it with the following:
ReplyDelete<?php
phpinfo(INFO_VARIABLES);
?>
or
<?php
header("Content-type: text/plain");
print_r($_SERVER);
?>
Then access it with all the valid urls for your site and check out the difference.
It took me a while to understand what people meant by SERVER_NAME is more reliable. I use a shared server and does not have access to virtual host directives. So, I use mod_rewrite in .htaccess to map different HTTP_HOSTs to different directories. In that case, it is HTTP_HOST that is meaningful. The situation is similar if one uses name-based virtual hosts : the server_name directive within a virtual host simply says which HTTP_HOST will be mapped to this virtual host. The bottom line is that, in both cases, the "server name" provided by the client, which is actually called HTTP_HOST, must be matched with a name within the server, which is itself mapped to a directory. Whether the mapping is done with virtual host directives or with htaccess mod_rewrite rules is secondary here. In both cases, the HTTP_HOST must be the SERVER_NAME. I am glad that Apache is configured that way. However, the situation is different with IP-based virtual hosts. In this case and only in this case, SERVER_NAME and HTTP_HOST can be different, because now the client selects the server by the IP, not by the name. Indeed, there might be special configurations where this is important. So, starting from now, I will use SERVER_NAME, just in case my code is ported in these special configurations.
ReplyDeletePlease note that if you want to use IPv6, you probably want to use HTTP_HOST rather than SERVER_NAME . If you enter http://[::1]/ the environment variables will be the following:
ReplyDeleteHTTP_HOST = [::1]
SERVER_NAME = ::1
This means, that if you do a mod_rewrite for example, you might get a nasty result. Example for a SSL redirect:
# SERVER_NAME will NOT work - Redirection to https://::1/
RewriteRule .* https://%{SERVER_NAME}/
# HTTP_HOST will work - Redirection to https://[::1]/
RewriteRule .* https://%{HTTP_HOST}/
This applies ONLY if you access the server without an hostname.