[PATCH] Add strict Host validation
Maxim Dounin
mdounin at mdounin.ru
Mon Jan 12 12:36:22 UTC 2015
Hello!
On Mon, Jan 05, 2015 at 02:12:04PM -0800, Piotr Sikora wrote:
> Hey Maxim,
>
> > While I agree that there is no real reason for forbidding some of
> > those characters, I think that Host still should be restricted to at
> > least printable ASCII characters (minus space and path separators).
> >
> > I can't think of any reason why would you intentionally allow control
> > characters in there.
>
> Ping... or is it still a "no"?
I still think it's a "no". If needed, allowed characters can be
easily restricted by a configuration.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list