On Mon, Jan 12, 2015 at 03:45:03PM -0800, Piotr Sikora wrote:
Hey Maxim,
I still think it's a no. If needed, allowed characters can be
easily restricted by a configuration.
Just to make a point:
$ curl -I nginx.org
HTTP/1.1 200 OK
Server: nginx/1.7.7
Date: Mon, 12 Jan 2015
Hello!
On Mon, Jan 05, 2015 at 02:12:04PM -0800, Piotr Sikora wrote:
Hey Maxim,
While I agree that there is no real reason for forbidding some of
those characters, I think that Host still should be restricted to at
least printable ASCII characters (minus space and path separators).
Hey Maxim,
I still think it's a no. If needed, allowed characters can be
easily restricted by a configuration.
Just to make a point:
$ curl -I nginx.org
HTTP/1.1 200 OK
Server: nginx/1.7.7
Date: Mon, 12 Jan 2015 23:42:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8981
Hey Maxim,
While I agree that there is no real reason for forbidding some of
those characters, I think that Host still should be restricted to at
least printable ASCII characters (minus space and path separators).
I can't think of any reason why would you intentionally allow control
On 20 December 2014 at 00:08, Piotr Sikora pi...@cloudflare.com wrote:
> I think that Host still should be restricted to at
> least printable ASCII
In what part of ASCII table?
What about host names in national alphabets?
___
nginx-devel mailing list
Hey Andrey,
> In what part of ASCII table?
US-ASCII, i.e. printable characters are 0x20-0x7E.
> What about host names in national alphabets?
They are not transmitted as such, see RFC3492 (Punycode) and RFC5891 (IDNA).
Best regards,
Piotr Sikora
___
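The restriction proposed in this thread (printable US-ASCII 0x20-0x7E, minus space and path separators), written out as an added example; it is not nginx code and not the code from the patch under discussion. The function and enum names are hypothetical, the sample Host values are constructed, and treating "path separators" as '/' and '\' is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Result names are made up for this example. */
typedef enum {
    HOST_OK = 0,
    HOST_EMPTY,
    HOST_CONTROL,   /* 0x00-0x1F or 0x7F */
    HOST_SPACE,     /* 0x20 */
    HOST_PATH_SEP,  /* '/' or '\\': assumed meaning of "path separators" */
    HOST_NON_ASCII  /* 0x80-0xFF, e.g. raw UTF-8 instead of Punycode */
} host_check_t;

/* Takes an explicit length so an embedded NUL is checked, not treated as the end. */
host_check_t check_host(const unsigned char *host, size_t len)
{
    size_t i;

    if (len == 0) return HOST_EMPTY;
    for (i = 0; i < len; i++) {
        unsigned char ch = host[i];
        if (ch >= 0x80) return HOST_NON_ASCII;
        if (ch < 0x20 || ch == 0x7F) return HOST_CONTROL;
        if (ch == 0x20) return HOST_SPACE;
        if (ch == '/' || ch == '\\') return HOST_PATH_SEP;
    }
    return HOST_OK;
}

int main(void)
{
    /* Constructed sample Host values, not taken from real traffic. */
    static const struct { const char *s; size_t len; } samples[] = {
        { "nginx.org", 9 },
        { "xn--bcher-kva.example", 21 },     /* IDN in Punycode form */
        { "b\xc3\xbc" "cher.example", 15 },  /* same name as raw UTF-8 */
        { "a\0b.example", 11 },              /* embedded NUL */
        { "example.org/../etc", 18 },
        { "exa mple.org", 12 },
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("sample %u -> %d\n", (unsigned) i,
               (int) check_host((const unsigned char *) samples[i].s, samples[i].len));
    }
    return 0;
}
```

The Punycode form of an internationalized name passes because it is plain ASCII on the wire, while the same name sent as raw UTF-8 is rejected.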
Hey Maxim,
I don't think we should further restrict allowed hostnames solely
based on what current edition of standard says. We are more or
less liberal here, allowing various experiments - and I don't
think this should be changed without a good reason.
While I agree that there is no real
# HG changeset patch
# User Piotr Sikora pi...@cloudflare.com
# Date 1418870862 28800
# Wed Dec 17 18:47:42 2014 -0800
# Node ID ab0442e232ce098438943a77422d8a04cc5b6790
# Parent 99751fe3bc3b285801b434f7f707d87fa42b093e
Add strict Host validation.
According to RFC3986, Host is a sequence of