What's with HTTP_X_FORWARDED_HOST?
I’ve seen some requests to boxesandarrows.com with HTTP_X_FORWARDED_HOST=myweb2.search.yahoo.com. They go to the right virtual server just fine, but Rails, and most other web app frameworks that I’ve seen, have decided that when HTTP_X_FORWARDED_HOST is present, it trumps HTTP_HOST.
I haven’t been able to find a good resource to tell me how it’s intended to be used, so I can determine whether Yahoo is mistaken, and what the best way to handle it is. It would seem to be used with proxies, but that’s about all I dare guess.
Can anyone help clarify?