trusted_hosts should determine hostname from certificate CN on SSL requests
trusted_hosts is based on reverse DNS, but when requests come in over HTTPS, the CN should be parsed from the certificate's DN and used for comparison against the trusted hosts list.
Updated by Markus Frosch almost 9 years ago
Updated by Markus Frosch over 8 years ago
Finally(!!) had the time to work on the thing.
Should I open a PR or should we take care about additional tests?
I'm not sure how the test suite works though.
Updated by Dominic Cleal over 8 years ago
Nice, please do open a pull request and we can get it merged then. (Plus Jenkins will run the test suite for us.)
Adding new tests to test/sinatra/trusted_hosts_test.rb is probably best, but we can help with that in the PR if you're unsure.