Vulnerability in EPiServer.Forms
If you read here:
It says like this:"Here you can use the same instance bound license file for both environments. To avoid a license error, you need to define the same URL in both the test and production environment."
What that means in code is that SiteDefinition.Current.SiteUrl will be the same for both production and test environements and that is in my mind not a good solution.
The reason for that is that this property is often use in code to for example generate absolute urls or simular stuff and with this way the users can end up on the production site when they think they are on the test site.
So...Either add a new property next to URL in site site definition in admin that is only used by the cloud license or implement a new implementation for the extension method SiteUrl that looks in the bindings and finds the one with the default flag on it.
Whenever I'm getting the host I always use the HttpConext. E.g.
/// <inheritdoc />
public string GetHost()
Specifically for the reason that SiteDefinition.Current.SiteUrl cannot be trusted with multiple bound domains. But it would be great if something better could be handled as this solution isn't create for multiple threads or areas without HttpContext such as ScheduledJobs