git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Host header checking too strict?


On Sat, Jun 23, 2018 at 12:16 AM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:
>
> (Sub-delims have all sorts of problematic designations, we really want
> to accept a "wildcard" '*' hostname? I'd suggest keep to the known
> "unwise" exceptions, and leave it part of the "unsafe" protocol behavior.)

Marking underscores "unsafe", with the current all or nothing
granularity, would be worse than not allowing them IMHO.
It should be either a dedicated setting (opt out if you ask me), or I
think even hardcoded-ly tolerated.

Regarding "unsafe" sub-delims, is there any need?



( ! ) Warning: include(msgfooter.php): failed to open stream: No such file or directory in /var/www/git/apache2-developers/msg04220.html on line 81
Call Stack
#TimeMemoryFunctionLocation
10.0007363032{main}( ).../msg04220.html:0

( ! ) Warning: include(): Failed opening 'msgfooter.php' for inclusion (include_path='.:/var/www/git') in /var/www/git/apache2-developers/msg04220.html on line 81
Call Stack
#TimeMemoryFunctionLocation
10.0007363032{main}( ).../msg04220.html:0