This repository has been archived by the owner on Feb 22, 2024. It is now read-only.

Wildcards for allowed hosts? #40

Open
radu-matei opened this issue Mar 23, 2021 · 3 comments

@radu-matei
Member

radu-matei commented Mar 23, 2021

With #39, the default behavior of None for allowed_hosts changes from allowing guest modules to make requests to any server to not allowing access to any server.
Additionally, if someone intends to allow access to all subdomains of a particular domain, that is currently impossible, and each subdomain would have to be individually added to the list.

Do we want to add:

  1. A top-level wildcard that would explicitly allow guest modules to send requests to all servers? Perhaps "*" as the only element of the allowed_hosts vector?
  2. The ability to specify a domain wildcard?
@jedisct1
Contributor

Having both would totally make sense.

*.example.com should not match example.com, though (typically github.io and user-controlled subdomains would require different capabilities), which can be a bit counter-intuitive if we use the wildcard syntax.

But if all we want is an allowlist, this is probably the easiest way to go.

That being said, no matter if they fail open or closed, virtually all ACL systems have both allow and deny lists. Not doing so quickly ends up with limitations (e.g. in that case: all example.com subdomains are fine, but not admin.example.com or www.example.com).

I'm not sure that capabilities modeled after descriptors can be extended to host or domain names without being quickly painful to use in actual applications.

@hdihconnect

What about "%" instead of "*"?

@aalhitennf

This would be a very useful feature. I'm creating a thing that needs to connect to lots of different subhosts like ab-cd.sub.host.com, ac-dc.sub.host.com etc. where the first part may change.
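
One way the semantics discussed in this thread could be implemented, as an added example that is not part of the original issue and not the project's own code: `None` denies everything, a lone `"*"` allows everything, and `*.example.com` matches subdomains but not `example.com` itself. The function names, the choice to match subdomains at any depth, and the sample hosts are assumptions.

```rust
// Added example: hypothetical matcher, not the crate's actual API.
fn normalize(host: &str) -> String {
    // Host names are case-insensitive; a trailing dot marks the DNS root.
    host.trim_end_matches('.').to_ascii_lowercase()
}

fn pattern_matches(pattern: &str, host: &str) -> bool {
    let (pattern, host) = (normalize(pattern), normalize(host));
    match pattern.strip_prefix("*.") {
        Some(suffix) => {
            // Reject "*." and stacked wildcards such as "*.*.com".
            if suffix.is_empty() || suffix.contains('*') {
                return false;
            }
            // Require "<label(s)>." before the suffix, so neither the apex
            // ("example.com") nor a look-alike ("evilexample.com") matches.
            match host.strip_suffix(suffix) {
                Some(prefix) => prefix.len() > 1 && prefix.ends_with('.'),
                None => false,
            }
        }
        // No leading "*.": exact match only; a '*' elsewhere never matches.
        None => !pattern.contains('*') && pattern == host,
    }
}

/// `None` denies everything (the default described for #39); a list whose
/// only element is "*" allows everything; otherwise any entry may match.
fn host_allowed(allowed_hosts: Option<&[&str]>, host: &str) -> bool {
    match allowed_hosts {
        None => false,
        Some(list) if list.len() == 1 && list[0] == "*" => true,
        Some(list) => list.iter().any(|p| pattern_matches(p, host)),
    }
}

fn main() {
    // Constructed sample allow-list and hosts.
    let allowed: &[&str] = &["*.example.com", "*.sub.host.com"];
    for host in ["www.example.com", "example.com", "evilexample.com",
                 "ab-cd.sub.host.com", "example.com.other.test"] {
        println!("{host:<28} allowed={}", host_allowed(Some(allowed), host));
    }
}
```

An allow-list alone cannot express the deny case raised above (all subdomains except `admin.example.com`); that would need a separate deny list checked before this function.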
