It seems URI/authority/domain parsing for authorization purposes is highly risky and leaves a lot to be desired. Another recent high-impact URI parsing bug in Google’s core library that led to Google-wide domain check bypass: https://news.ycombinator.com/item?id=22527842
