Closed mikewest closed 5 months ago
@evilpie, @antosart: Mind taking a look?
Adding a test in https://chromium-review.googlesource.com/c/chromium/src/+/5471523.
Makes sense to me. (Currently in Firefox we disallow certain schemes for *, but that is already handled in earlier steps in the spec)
This PR adds support for
*
to thehost-part
matching algorithm, allowing patterns likehttps://*:123
to correctly match any host.Fixes w3c/webappsec-csp#656