If an user clicks on the link that says: Protecting against HTTP HOST Header attacks in the status report, is redirected to the documentation page that describes the process for Drupal 7 and Drupal 8. https://www.drupal.org/node/1992030
We have an exclusive node describing this change here: https://www.drupal.org/node/2410395 that in my opinion is more clear than the documentation that mix D7 and D8 stuff.
Comment | File | Size | Author |
---|---|---|---|
#3 | screenshot-2718197.png | 32.58 KB | dagmar |
#2 | 2718197-2.patch | 1.14 KB | dagmar |
Comments
Comment #2
dagmarHere is the proposed solution.
Comment #3
dagmarComment #4
dawehnerAgreed the change notice is a better place.
Comment #6
dagmarComment #7
dagmarComment #8
alexpottI'm not sure that we should be pointing people to CRs from the UI. Going to punt back to needs review and ask for a product manager review.
Comment #9
Bojhan CreditAttribution: Bojhan as a volunteer and commentedI agree with Alexpott here, it feels a bit technical - as users who face this error might be more helped with a documentation page.
Comment #10
webchickThis is like a 1% screen, so I don't think it needs product manager review.
That said, I agree that CRs are ephemeral, and could go away entirely, e.g. in Drupal 10, when Drupal 8 is EOLed. Best to create a new handbook page with the relevant information and link to it instead.