ForwardedHeadersOptions.AllowedHosts Property
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The allowed values from x-forwarded-host. If the list is empty then all hosts are allowed. Failing to restrict this these values may allow an attacker to spoof links generated by your service.
public:
property System::Collections::Generic::IList<System::String ^> ^ AllowedHosts { System::Collections::Generic::IList<System::String ^> ^ get(); void set(System::Collections::Generic::IList<System::String ^> ^ value); };C#
public System.Collections.Generic.IList<string> AllowedHosts { get; set; }member this.AllowedHosts : System.Collections.Generic.IList<string> with get, setPublic Property AllowedHosts As IList(Of String)- Port numbers must be excluded.
- A top level wildcard "*" allows all non-empty hosts.
- Subdomain wildcards are permitted. E.g. "*.example.com" matches subdomains like foo.example.com, but not the parent domain example.com.
- Unicode host names are allowed but will be converted to punycode for matching.
- IPv6 addresses must include their bounding brackets and be in their normalized form.
| Product | Versions |
|---|---|
| ASP.NET Core | 2.1, 2.2, 3.0, 3.1, 5.0, 6.0, 7.0, 8.0, 9.0 |