[PATCH] Add strict Host validation
mdounin at mdounin.ru
Mon Jan 12 12:36:22 UTC 2015
On Mon, Jan 05, 2015 at 02:12:04PM -0800, Piotr Sikora wrote:
> Hey Maxim,
> > While I agree that there is no real reason for forbidding some of
> > those characters, I think that Host still should be restricted to at
> > least printable ASCII characters (minus space and path separators).
> > I can't think of any reason why would you intentionally allow control
> > characters in there.
> Ping... or is it still a "no"?
I still think it's a "no". If needed, allowed characters can be
easily restricted by a configuration.
More information about the nginx-devel