Punycode, between 1 and 63 octets issue

A v9.1.3/php8.1 site log is showing:
concrete/vendor/true/punycode/src/Punycode.php:84 The length of any one label is limited to between 1 and 63 octets, but 0 given.

The site is live with error reporting set to not show whoops report.

I am trying to track down the cause.

One possibility from forum archives is an incorrectly formed incoming URL. I have tested such and its not the cause in this case.

Any thoughts on other causality for this error?

I also have such errors in my logs (for a v8 site).

This occurs when the site visitors use a domain name ending with a dot (which is legal but currently not supported by the 3rd party libs we use).

For example, this occurs when using https://www.domain.com./ instead of https://www.domain.com/

Weird - I also have this appearing in logs on 2 very separate v9 sites - I’ve never seen this error before (from memory at least!). It’s just started appearing in the last week on both sites.

Thank you.

I tested further. Chrome won’t let me cause that error, but Firefox will. So the causality is a combination of

  1. A badly formatted link coming in from elsewhere - I suspect at the end of a sentence.
  2. A browser that will handle the link (Firefox, maybe others)

I usually have such requests only from bots/hackers

1 Like

I suspected a post on a 3rd party blog or social media quoting the url at the end of a sentence. However, Chrome does block it with security warnings.

1 Like