Techly NewsGet the app

Get the latest tech news

A Tale of a Trailing Dot (2022)


Trailing dots on host names in URLs is the gift that keeps on giving. Let me take you through a dwindling story of how the dot is handled differently in different places through the stack of an Internet client. The evil trailing dot. DNS When a given host name is to be resolved to an … Continue reading A tale of a trailing dot →

In 2022, someone found a web site that actually requires a trailing dot in the Host: header to respond correctly and reported it to the curl project. Axel Chong figured out that for a curl build without PSL knowledge, the server could set a cookie for a TLD if you just made sure to end the name with a dot. Since curl now keeps the trailing dot in the name and did not do it before, there was a second important string comparison that broke in unexpected ways that Axel figured out and reported.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Tale

Tale

Photo of trailing dot

trailing dot

Related news:

News photo

A Tale of Four Kernels [pdf] (2008)

News photo

A tale of distros joining forces for a common goal: reproducible builds [video]

News photo

The Canva outage: another tale of saturation and resilience

« Redpoint raises $650M three years after its last big early-stage fund
Stop using REST for state synchronization (2024) »