@nahi do you think "*.Example.COM" should verify 'http://www.example.com '? /cc @bascule
-
-
-
-
@_zzak the section 7.2 text seems to be describing multiple wildcards as an antipattern to be avoided -
@bascule Yeah, they are recommending to avoid because they introduce "exploitable differences in identity checking behavior".. -
@bascule but they don't really come out and say it anywhere... :/ -
@_zzak yeah, it’s sadly implicit I think. They only talk about “the wildcard character” (singular), and the examples are all single-wildcard -
@bascule I also don't think we can handle more than one in our current impl. w/o using a regex on this data..
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.