Is GitLab vulnerable to a host header attack?
Created by: thestick613
GET /dashboard/ HTTP/1.1
Host: 1.2.3.4
X-Forwarded-Host: spoofed.com:443
will return
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 17 Apr 2016 13:17:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 302 Found
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Location: http://spoofed.com:443/users/sign_in
Cache-Control: no-cache
Set-Cookie: _gitlab_session=xxxxxxxxxxxxxxxxxxxxxx; path=/; expires=xxxxxx; HttpOnly
X-Request-Id: xxxxx
X-Runtime: 0.010452
Is this right? I'm using GitLab version 8.2.3-ce.0.