From 66b200b9932e935ded5b5286f13d59abc5b8e6df Mon Sep 17 00:00:00 2001
From: Leo McArdle <leo@mozilla.com>
Date: Fri, 5 Jan 2024 11:05:19 +0000
Subject: [PATCH] fix: fail fast if attempting to validate empty hostname

---
 httpobs/website/api.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/httpobs/website/api.py b/httpobs/website/api.py
index 83894f0..9ef3b8f 100644
--- a/httpobs/website/api.py
+++ b/httpobs/website/api.py
@@ -26,11 +26,13 @@ def api_post_scan_hostname():
     # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org
 
     # Get the hostname
-    hostname = request.args.get('host', '').lower()
+    hostname = request.args.get('host', '').lower().strip()
 
     # Fail if it's not a valid hostname (not in DNS, not a real hostname, etc.)
     ip = True if valid_hostname(hostname) is None else False
-    hostname = valid_hostname(hostname) or valid_hostname('www.' + hostname)  # prepend www. if necessary
+    hostname = valid_hostname(hostname) or (
+        valid_hostname('www.' + hostname) if hostname else False
+    )  # prepend www. if necessary
 
     if ip:
         return {