[wp-trac] [WordPress Trac] #35248: WordPress should remove domain trailing dot (as/like it removes "www.")

WordPress Trac noreply at wordpress.org
Wed May 24 14:53:34 UTC 2017


#35248: WordPress should remove domain trailing dot (as/like it removes "www.")
-------------------------+------------------------------
 Reporter:  qdinar       |       Owner:
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Canonical    |     Version:  4.4
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:
-------------------------+------------------------------

Comment (by qdinar):

 i said "the relative domain feature ... was a feature with no practical
 value"
 -- i have found some usefulness of it:
 1) an easy way to create local short domains (only locally accessible
 domains), because for example using hosts file requires knowing of ip, and
 that ip can later change, so hosts file will need to be edited, but this
 way (relative domains) requires already having dns working, and subdomains
 configured, while hosts file can be used without global dns, but this way
 still maybe useful in some circumstances, like in big companies. but, as i
 know, local short domains, without need to edit ip every time it changes,
 can be easily created also if local dns is used, - with cname records.
 2) if there is a local fake domain configured in hosts file or in local
 dns server, for example for usage by webmasters to test a new site, they
 can add a dot to that domain and get another version of same domain, to
 try to access to it by usual way, if that version with dot also not added
 as a local fake domain.

 -- so maybe domain with trailing dot should not be redirected to version
 without trailing dot, but left for testig purposes. maybe there should be
 shown a message to user so that he knows why he is logged off.

 -- but there are some practical problems with the existance of versions of
 the domains with trailing dots:

 http://saynt2day.blogspot.sg/2013/03/danger-of-trailing-dot-in-domain-
 name.html :

  If you do not consider the fact that the user can accidentally enter the
 domain name with a dot at the end, or follow a link received from some
 "well-wisher" and get on your domain name with the dot at the end, as the
 result it may lead to unexpected consequences:
  1) If the website uses HTTPS, when navigating to the domain name with the
 dot at the end, the browser will display the warning on untrusted
 connection.
  2) Authentication may be broken, as cookies are usually set for the
 domain name without a dot at the end. User in this case will be quite
 surprised why he can’t log in. It is noteworthy, that if you set a cookie
 for a domain name with a dot at the end, this cookie will not be passed to
 the domain name without the dot at the end and vice versa.
  3) JavaScript on the page may be broken.
  4) There may be problems with the caching of website pages (for example,
 https://www.cloudflare.com/ does not clear the pages cache if domain name
 has a dot at the end considering it an invalid domain name).
  5) If in conditions in the web server configuration you rely on the
 particular domain name ($http_host in Nginx, %{HTTP_HOST} in Apache)
 without the dot at the end, you may face a variety of unexpected
 situations: unexpected redirects, basic-authorization problems, etc.
  6) If the web server is not configured to accept requests on the domain
 name with the trailing dot, any user who accidentally typed a domain name
 with the trailing dot will see something like Bad Request - Invalid
 Hostname.
  7) It is possible that search engines may find that your resource has a
 duplicate content, if someone accidentally or intentionally post links to
 your web pages with a dot at the end of the domain name.

 -- and i think, it is generally a trick, because general public does not
 know about it, and as a trick it may harm, so maybe that trailing dots
 should better be denied and turned off in software. in the other hand it
 may help someone to know out that he used a fake domain (if version with
 trailing dot is not also faked), but in the other hand it is also a
 complication that may be bring problems to programmers. seems bad sides
 are more.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35248#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list