HTTPS
=====

OkHttp attempts to balance two competing concerns:

 * **Connectivity** to as many hosts as possible. That includes advanced hosts that run the latest versions of [boringssl](https://boringssl.googlesource.com/boringssl/) and less out of date hosts running older versions of [OpenSSL](https://www.openssl.org/).

            }
        }

        final String[] hosts = split(ResourceUtil.getFesenHttpUrl(), ",")
                .get(stream -> stream.map(String::trim).filter(StringUtil::isNotEmpty).toArray(n -> new String[n]));
        nodeManager = new NodeManager(hosts, node -> request(new CurlRequest(Method.GET, node.getUrl("/"))));

    @Test
    public void test_isValidVirtualHostPath_emptyVirtualHosts() throws Exception {
        // No virtual hosts configured
        setupVirtualHostHelper();

        Boolean result = invokeIsValidVirtualHostPath("/anypath");
        assertFalse("Any non-empty/non-root path should be blocked when no virtual hosts configured", result);
    }

    @Test

        return relatedQueryMap.size();
    }

    /**
     * Extracts the virtual host key from a RelatedQuery entity.
     * If the virtual host is blank or null, returns an empty string.
     *
     * @param entity the RelatedQuery entity to extract the host key from
     * @return the virtual host key, or empty string if blank or null
     */
    protected String getHostKey(final RelatedQuery entity) {

{* ../../docs_src/advanced_middleware/tutorial001_py310.py hl[2,6] *}

## `TrustedHostMiddleware` { #trustedhostmiddleware }

Enforces that all incoming requests have a correctly set `Host` header, in order to guard against HTTP Host Header attacks.

{* ../../docs_src/advanced_middleware/tutorial002_py310.py hl[2,6:8] *}

The following arguments are supported:

     * @return The created OpenSearch client.
     */
    protected Client createClient() {
        final String[] hosts =
                split(address, ",").get(stream -> stream.map(String::trim).filter(StringUtil::isNotEmpty).toArray(n -> new String[n]));
        final Settings settings = Settings.builder().putList("http.hosts", hosts).build();
        return new HttpClient(settings, null);
    }

    /**

They're also concrete: each URL identifies a specific path (like `/square/okhttp`) and query (like `?q=sharks&lang=en`). Each webserver hosts many URLs.

### [Addresses](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-address/)

    }

    @SuppressWarnings("unchecked")
    default Tuple3<String, String, String>[] getVirtualHosts() {
        Tuple3<String, String, String>[] hosts = (Tuple3<String, String, String>[]) propMap.get(VIRTUAL_HOST_HEADERS);
        if (hosts == null) {
            hosts = split(getVirtualHostHeaderValue(), "\n").get(stream -> stream.map(s -> {
                final String[] v1 = s.split("=");
                if (v1.length == 2) {

    /**
     * Displays the initial duplicate host management page.
     *
     * @param form the search form
     * @return HTML response for the duplicate host list page
     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public HtmlResponse index(final SearchForm form) {
        return asListHtml();
    }

    /**
     * Displays the duplicate host list with pagination.
     *

 * but given that any public suffix may become a host without warning, it is better to err on the
 * side of permissiveness and thus avoid spurious rejection of valid sites. Of course, to actually
 * determine addressability of any host, clients of this class will need to perform their own DNS
 * lookups.
 *
 * <p>During construction, names are normalized in two ways:
 *
 * <ol>