New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
httpcaddyfile: Support explicitly turning off strict_sni_host
#4592
Conversation
I don't know if I love this (because it only turns off security)... so if we are going to allow this to be done so easily (which, I still am not sure whether to approve this), it should probably at least be prefixed with |
Alright, like |
@francislavoie Oh, I meant instead of Still squirming about this because I hope it doesn't bite anyone who doesn't understand the docs someday... |
Well, we've had it as an option to turn it on for quite a long time already. Removing that would be a BC break. I'll make the change for |
Ohh, right, because it only turns on automatically if client_auth is enabled. Gotcha. I like |
586c3a0
to
35e68be
Compare
Donezo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I hate it 😉
In the Caddyfile, we were only allowing turning on
strict_sni_host
explicitly, but provided no way to explicitly turn it off, which may be necessary for situations where it gets turned on implicitly like when TLS client_auth is turned on.This adds support for a first arg to be
on
(for symmetry, least surprise) orinsecure_off
(what's actually new in terms of behaviour). If the arg is omitted, then it's the same behaviour as before, i.e. turning it on.