remove suffix matching from host whitelist
All checks were successful
check / check (push) Successful in 1m50s
All checks were successful
check / check (push) Successful in 1m50s
Signatures are per-URL, so the whitelist should only support exact host matches. Remove the suffix/wildcard matching that allowed patterns like '.example.com' to bypass signature requirements for entire domain trees. Leading dots in existing config entries are now stripped, so '.example.com' becomes 'example.com' as an exact match (backwards-compatible normalisation).
This commit is contained in:
user
@@ -13,8 +13,7 @@ state_dir: ./data
|
||||
# Generate with: openssl rand -base64 32
|
||||
signing_key: "CHANGE_ME_generate_with_openssl_rand_base64_32"
|
||||
|
||||
# Hosts that don't require signatures
|
||||
# Use "." prefix for wildcard subdomain matching (e.g., ".example.com" matches "cdn.example.com")
|
||||
# Hosts that don't require signatures (exact match only)
|
||||
whitelist_hosts:
|
||||
- s3.sneak.cloud
|
||||
- static.sneak.cloud
|
||||
|
||||
Reference in New Issue
Block a user