If an user clicks on the link that says: Protecting against HTTP HOST Header attacks in the status report, is redirected to the documentation page that describes the process for Drupal 7 and Drupal 8. https://www.drupal.org/node/1992030

We have an exclusive node describing this change here: https://www.drupal.org/node/2410395 that in my opinion is more clear than the documentation that mix D7 and D8 stuff.

CommentFileSizeAuthor
#3 screenshot-2718197.png32.58 KBdagmar
#2 2718197-2.patch1.14 KBdagmar
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

dagmar created an issue. See original summary.

dagmar’s picture

dagmar
Primary language Spanish
Location Argentina
CreditAttribution: dagmar at Globant commented
Status: Active » Needs review
FileSize
2718197-2.patch1.14 KB

Here is the proposed solution.

dagmar’s picture

dagmar
Primary language Spanish
Location Argentina
CreditAttribution: dagmar at Globant commented
Issue summary: View changes
FileSize
screenshot-2718197.png32.58 KB
dawehner’s picture

dawehner
Primary language German
CreditAttribution: dawehner as a volunteer commented
Component: base system » system.module
Status: Needs review » Reviewed & tested by the community

Agreed the change notice is a better place.

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 2: 2718197-2.patch, failed testing.

dagmar’s picture

dagmar
Primary language Spanish
Location Argentina
CreditAttribution: dagmar at Globant commented
Status: Needs work » Needs review
dagmar’s picture

dagmar
Primary language Spanish
Location Argentina
CreditAttribution: dagmar at Globant commented
Status: Needs review » Reviewed & tested by the community
alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
CreditAttribution: alexpott at Chapter Three commented
Status: Reviewed & tested by the community » Needs review
Issue tags: +Needs product manager review

I'm not sure that we should be pointing people to CRs from the UI. Going to punt back to needs review and ask for a product manager review.

Bojhan’s picture

Bojhan CreditAttribution: Bojhan as a volunteer and commented

I agree with Alexpott here, it feels a bit technical - as users who face this error might be more helped with a documentation page.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
CreditAttribution: webchick at Acquia commented
Status: Needs review » Needs work
Issue tags: -Needs product manager review

This is like a 1% screen, so I don't think it needs product manager review.

That said, I agree that CRs are ephemeral, and could go away entirely, e.g. in Drupal 10, when Drupal 8 is EOLed. Best to create a new handbook page with the relevant information and link to it instead.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.0-beta1 was released on August 3, 2016, which means new developments and disruptive changes should now be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.0-alpha1 will be released the week of January 30, 2017, which means new developments and disruptive changes should now be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.0-alpha1 will be released the week of July 31, 2017, which means new developments and disruptive changes should now be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.0-alpha1 will be released the week of January 17, 2018, which means new developments and disruptive changes should now be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.6.x-dev » 8.7.x-dev

Drupal 8.6.0-alpha1 will be released the week of July 16, 2018, which means new developments and disruptive changes should now be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.7.x-dev » 8.8.x-dev

Drupal 8.7.0-alpha1 will be released the week of March 11, 2019, which means new developments and disruptive changes should now be targeted against the 8.8.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.0-alpha1 will be released the week of October 14th, 2019, which means new developments and disruptive changes should now be targeted against the 8.9.x-dev branch. (Any changes to 8.9.x will also be committed to 9.0.x in preparation for Drupal 9’s release, but some changes like significant feature additions will be deferred to 9.1.x.). For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.9.x-dev » 9.1.x-dev

Drupal 8.9.0-beta1 was released on March 20, 2020. 8.9.x is the final, long-term support (LTS) minor release of Drupal 8, which means new developments and disruptive changes should now be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 9.1.x-dev » 9.2.x-dev

Drupal 9.1.0-alpha1 will be released the week of October 19, 2020, which means new developments and disruptive changes should now be targeted for the 9.2.x-dev branch. For more information see the Drupal 9 minor version schedule and the Allowed changes during the Drupal 9 release cycle.

Version: 9.2.x-dev » 9.3.x-dev

Drupal 9.2.0-alpha1 will be released the week of May 3, 2021, which means new developments and disruptive changes should now be targeted for the 9.3.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.3.x-dev » 9.4.x-dev

Drupal 9.3.0-rc1 was released on November 26, 2021, which means new developments and disruptive changes should now be targeted for the 9.4.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.4.x-dev » 9.5.x-dev

Drupal 9.4.0-alpha1 was released on May 6, 2022, which means new developments and disruptive changes should now be targeted for the 9.5.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.