Haoliang Gao 0eabce6389 fix: don't allow x-forwarded-host header (#2163) ...

It's a security issue, x-forwarded-host can be retreived
from ctx.host when app.config.proxy is true, and be injected
to cookie domain.

2018-03-05 18:10:37 +08:00

..

extend

fix: don't allow x-forwarded-host header (#2163)

2018-03-05 18:10:37 +08:00

middleware

feat: support Keep-Alive Header (#2146)

2018-02-28 18:03:56 +08:00