I love how using `return $uri` instead of `return $request_uri` is a vulnerability for nginx configuration since they don't sanitize the input and allow it to inject data into the headers via newlines. Alternatively, capturing/using any variables in location blocks with newlines.
Conversation
Replying to
I can't understand why their official documentation doesn't talk about these issues anywhere, and neither does any third party documentation that I've seen. You would think it belongs in nginx.com/resources/wiki of all places. I was vaguely aware but not properly conscious of it.