Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Account for www or not on hostnames #1

Open
andymcbee opened this issue Apr 13, 2024 · 0 comments
Open

Account for www or not on hostnames #1

andymcbee opened this issue Apr 13, 2024 · 0 comments
Assignees
@andymcbee

Comments

@andymcbee
Copy link
Owner

Currently the safelist check checks the host exactly as the user entered in the DB vs exactly as it appears in the host request header

This will create a bad user experience if the user has a www. domain and enters no www.

Set business rules:
Only store non-www domains in the DB. Create a db function that checks if a domain starts with www. each time, and reject it if so.
Always remove leading www from the host, prior to checking if it is valid.
@andymcbee andymcbee self-assigned this Apr 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andymcbee andymcbee

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andymcbee