AllowedHost check wildcard for subdomains

Question

AllowedHost check wildcard for subdomains

pzeinlinger opened this issue 6 years ago · 3 comments

In my opinion, the if clause for the host check should rather be implemented with a regular expression, since e.g. wildcards are often used to allow subdomains.

What's your point of view on this issue? Should I open a pull request?

Answer 1 · 2019-03-22T21:14:23.000Z

I think that's a valid point. If you can implement it with backwards compatibility that would be awesome!

Answer 2 · 2019-03-23T10:10:06.000Z

I opted for a new options flag, because just changing the string check to a regex match would essentially compromise security (e.g. sub1example.com would come back valid for sub.example.com).
The implementation uses regex compile to speed up checks.

Answer 3 · 2019-03-26T19:22:07.000Z

Thanks for putting this together!