Existing documentation URL(s)
https://developers.cloudflare.com/workers/configuration/routing/routes/#hostnames-may-optionally-begin-with-
What changes are you suggesting?
The "Hostnames may optionally begin with *" warning and examples state that *example.com/* would match hostnames that are not subdomains of example.com. It then states that https://myexample.com/ matches, but https://not-example.com/ does not.
My understanding is that these route patterns only apply within their associated zone, which in these cases would be example.com. For most users (those not using SaaS custom host names?), other hostnames would not be within the zone and would not be tested against the pattern. Hence, in practice, the warning only becomes relevant if applied to a subdomain of the zone e.g. *sub.example.com which would then match notsub.example.com. When the wildcard is only applied at the zone domain level there will not usually be any unintended matches.
Additionally, * is described as "matches zero or more of any character", so - should not be special and https://not-example.com/ should match *example.com/*.
The documentation should explain that matches are restricted to the associated zone, use a subdomain for the examples so that they are more applicable to most users (or ideally give examples for both the zone and subdomain), and correct the labelling of which examples match the pattern.
Additional information
No response
Existing documentation URL(s)
https://developers.cloudflare.com/workers/configuration/routing/routes/#hostnames-may-optionally-begin-with-
What changes are you suggesting?
The "Hostnames may optionally begin with
*" warning and examples state that*example.com/*would match hostnames that are not subdomains ofexample.com. It then states thathttps://myexample.com/matches, buthttps://not-example.com/does not.My understanding is that these route patterns only apply within their associated zone, which in these cases would be
example.com. For most users (those not using SaaS custom host names?), other hostnames would not be within the zone and would not be tested against the pattern. Hence, in practice, the warning only becomes relevant if applied to a subdomain of the zone e.g.*sub.example.comwhich would then matchnotsub.example.com. When the wildcard is only applied at the zone domain level there will not usually be any unintended matches.Additionally,
*is described as "matches zero or more of any character", so-should not be special andhttps://not-example.com/should match*example.com/*.The documentation should explain that matches are restricted to the associated zone, use a subdomain for the examples so that they are more applicable to most users (or ideally give examples for both the zone and subdomain), and correct the labelling of which examples match the pattern.
Additional information
No response