Hi Adam,
On Wednesday, March 25, 2020 at 7:27:58 PM UTC+1, Adam Johnson wrote:
>
> I think that would make Florian happy, although it *has* been seven years
> since his closing comment on the ticket.
>
You should know me better :D No this would not make Florian happy and he is
still against it. By all means add a lenient=False flag which can be turned
to True to enable lenient parsing but the defaults should imo stay.
It might be true that for the sole purpose of __displaying__ URLs that an
underscore will not hurt, but in the greater scheme of things it simply
does not work:
* java.net.URI will not parse it: new
java.net.URI("http://test_host.com";).getHost -> null
* While you laugh about me mentioning java the more relevant argument is
that we are going towards a HTTPs world and there you have to play by a
different set of rules namely CA/Browser Forum Baseline Requirements. These
requirements require you to follow RFCs (especially RFC 5280) which in turn
requires subjectAltNames to follow the preferred style of RFC 1034 which
finally disallows the use of underscores. So for this reason CAs won't
allow you to issue certs for those hostnames, you can only make those work
via wildcard certs, which in turn only work for subdomains and not TLDs.
So this limits the usefulness of underscores in URLs to mainly http-only
sites or sites that went around extra hoops to get it working. In that
sense I do not see a strong requirement to be lenient in parsing by default.
Cheers,
Florian
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/e6a7c79d-f53f-4893-bf05-06fa5475f915%40googlegroups.com.
