You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I believe, however, that this doesn't match a common use case. For example, wildcard certificates don't support multilevel nesting, if I understand correctly.
Expected behaviour
Dot isn't considered a _dns_safe character.
The text was updated successfully, but these errors were encountered:
Interesting! It definitely is valid sometimes, so I guess it needs to be configurable? But you're right that 'regular' wildcard SSL won't be sufficient (nested subdomains can be added via SAN, but I imagine that's pretty unusual).
Would it perhaps be a reasonable idea to consider other pathways for providing a more complex subdomain structure than accidentally via the username? Deeper nested domains are a reasonable niche application, but arbitrary level nesting based on a username seems too weird. Plus I'm not even sure if one...two.example.com is a legitimate domain name.
Would it perhaps be a reasonable idea to consider other pathways for providing a more complex subdomain structure than accidentally via the username?
I definitely think a custom hook to totally override domain-for-user makes sense.
Plus I'm not even sure if one...two.example.com is a legitimate domain name.
I'm pretty sure it's not.
There's a comment that we should really be using idna encoding for full DNS-safe labels. There's a package for that, but it doesn't handle the ASCII part of it (escape ., can't start or end with -, etc.).
Bug description
If a username contains a period and subdomains are enabled, they will get a sub-subdomain now because this code doesn't mind sub-subdomains:
jupyterhub/jupyterhub/user.py
Lines 58 to 60 in 49c5189
I believe, however, that this doesn't match a common use case. For example, wildcard certificates don't support multilevel nesting, if I understand correctly.
Expected behaviour
Dot isn't considered a
_dns_safe
character.The text was updated successfully, but these errors were encountered: