Comment 12 for bug 1659124

Thanks for the updated patch. I like the overall design. Some detail comments:
- I think a different name is required. We might want to override other restrictions in the future. Maybe requestTargetAllow
- The docs need to state which characters are valid in the allowed list
- What to do if some other invalid character is placed on the allowed list. Log a warning?
- I'm still undecided on whether this should be per connector configuration

We also need to decide which versions to add this to. I currently thinking:
- 7.0.x - yes
- 8.0.x - yes
- 8.5.x - maybe
- 9.0.x - no