Request-scoped context that serve stamps on the incoming request
before the authenticator runs. Authenticator callbacks read this via
getServeRequestContext so they inherit serve()'s host
resolution (which honors trustForwardedHost) instead of re-reading
headers that may be attacker-controlled.
Request-scoped context that serve stamps on the incoming request before the authenticator runs. Authenticator callbacks read this via getServeRequestContext so they inherit
serve()'s host resolution (which honorstrustForwardedHost) instead of re-reading headers that may be attacker-controlled.