When detecting $wgServer, do not fall back to $_SERVER['HTTP_HOST']. It's unlikely...

When detecting $wgServer, do not fall back to $_SERVER['HTTP_HOST']. It's unlikely that this is used by anything, since SERVER_NAME takes precedence, and SERVER_NAME is required by CGI 1.1 and appears to always be set by the major web servers. If it were ever used, it would open up a cache-poisoning vulnerability. Partially reverts r8010.