Re: Host header checking too strict?
On Sat, Jun 23, 2018 at 12:16 AM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:
> (Sub-delims have all sorts of problematic designations, we really want
> to accept a "wildcard" '*' hostname? I'd suggest keep to the known
> "unwise" exceptions, and leave it part of the "unsafe" protocol behavior.)
Marking underscores "unsafe", with the current all or nothing
granularity, would be worse than not allowing them IMHO.
It should be either a dedicated setting (opt out if you ask me), or I
think even hardcoded-ly tolerated.
Regarding "unsafe" sub-delims, is there any need?