Tiny Tiny RSS: Community

Open Redirect via public.php


I didn’t test it, but looking through the sanity check I agree that leaving it as HTTP_HOST should be fine. And I doubt many people are skipping that check, as I recall it was put there for a few edge cases when using proxies.