daniel:// stenberg://

Trailing dots are the worst:

https://daniel.haxx.se/blog/2026/06/25/trailing-dots-are-the-worst/

#curl

Trailing dots are the worst

Trailing dots after hostnames in URLs remain my worst enemies. I wrote about several problems with them in the past that involved those nasty things. They are still painful. When we shipped curl 8.21.0 on June 24 2026 we fixed at least three brand new problems that involved trailing dots. C'mon, follow me down the … Continue reading Trailing dots are the worst →

daniel.haxx.se
7:48amWeb
Show threadJeppe Fihl-Pearson8h ago

@bagder Interesting post! Could there be value in curl being stricter about what inputs it accept so some of these security issues wouldn't be possible in the first place, or would that break too many use cases?

Also, the sentence "that allows it to create “super cookies” that work across domains in in ways that is now allowed" reads odd to me. I think it perhaps should have been "that allows it to create “super cookies” that work across domains in ways that is not allowed"

Show threaddaniel:// stenberg://8h ago

@Tenzer the challenge is that the trailing dots are legal and accepted in the URL, and in the past people have used sites for which the dot had to be there or it wouldn't work ..

(I fixed the weird phrasing, thanks!)

Show threadmhughes (n0ob404)7h ago

@bagder missed opportunity to link to daniel.haxx.se. (with the trailing dot) 😄.

Thanks for the blog, interesting as always!

Show threadaspragg4h ago

@bagder Harmful Consequences of the Robustness Principle strikes again

https://datatracker.ietf.org/doc/html/draft-thomson-postel-was-wrong-03

> • Over time, implementations progressively add new code to constrain how data is transmitted, or to permit variations in what is received.

> • Errors in implementations, or confusion about semantics can thereby be masked.

> • These errors can become entrenched, forcing other implementations to be tolerant of those errors.

> In this way an flaw can become entrenched as a de facto standard.

The Harmful Consequences of the Robustness Principle

Jon Postel's famous statement of "Be liberal in what you accept, and conservative in what you send" is a principle that has long guided the design and implementation of Internet protocols. The posture this statement advocates promotes interoperability, but can produce negative effects in the protocol ecosystem in the long term. Those effects can be avoided by maintaining protocols.

IETF Datatracker
Show threadecharlie2h ago

@bagder reminds me of one http server implementation that did *not* implement trailing dots correctly, so example.com would succeed and example.com. would not.

Trailing dot semantics in the DNS may have been a mistake.