Created by: cyberixae
This is my attempt to get rid of the DANGEROUSLY_DISABLE_HOST_CHECK while working on apps that need the API proxy and subdomains. I'm wondering whether or not subdomains are vulnerable to similar spoofing attacks. At least one would expect the attack vector to be smaller if allowed hosts would be restricted to subdomains. See #2233 (closed) for previous discussion.