From b1887d974ad19c8468f14f30ebdb2ad866199dc8 Mon Sep 17 00:00:00 2001 From: Chris Wilkinson Date: Thu, 6 Apr 2017 13:20:03 +0100 Subject: [PATCH] Update status code for untrusted hosts As of https://github.com/symfony/symfony/pull/20962, the user will receive a `400 Bad Request`. --- reference/configuration/framework.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index 4d75d9539f2..8990b33ee7f 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -340,7 +340,7 @@ the configuration of your web server. One simple solution to avoid these attacks is to whitelist the hosts that your Symfony application can respond to. That's the purpose of this ``trusted_hosts`` option. If the incoming request's hostname doesn't match one in this list, the application won't -respond and the user will receive a 500 response. +respond and the user will receive a 400 response. .. configuration-block::