| Table of Contents |
|---|
Background
SP releases starting with 1.3.1 have included a feature in some of the filters/modules called "spoof checking". The purpose of this feature is to actively scan the HTTP headers in each client request and attempt to detect if any of them map to a header variable under the SP's "control". The SP maintains a list of all the possible header names that it might be expected to create in response to a user session, including all of the mappings based on attributes. If the client attempts to supply its own value for one of these headers, this feature tries to detect that and block the request with an error message (and log the attempt).
...