Remove suffix matching from host whitelist #32

Closed
clawbot wants to merge 3 commits from fix/remove-whitelist-suffix-matching into main
Collaborator

Closes #27

Whitelist entries now support exact host matches only. Suffix matching (patterns starting with . matching arbitrary subdomains) has been removed.

Changes

  • internal/imgcache/whitelist.go: Simplified HostWhitelist to use a single hosts map. Removed suffixHosts slice and all suffix matching logic. Leading dots in patterns are stripped for backwards compatibility (.example.com becomes an exact match for example.com only, no longer matching cdn.example.com or other subdomains).
  • internal/imgcache/whitelist_test.go: Updated tests to verify suffix matching is disabled. Added tests for dot-prefix stripping and deduplication.
  • README.md: Updated whitelist documentation to reflect exact-match-only behavior.
  • config.example.yml: Removed wildcard/suffix matching comment from whitelist config.

Rationale

Signatures are per-URL only. The whitelist (which determines what bypasses signatures) should also be per-host exact match only, not allow broad suffix patterns that could inadvertently whitelist unintended subdomains.

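The behaviour change proposed in the description above, as an added example that is not the project's code: an exact-match host set with leading-dot stripping and deduplication, next to a model of the suffix matching it removes. The names `exactSet`, `newExactSet`, `suffixAllowed` and `normalizeHost` are hypothetical, the sample patterns are constructed, and the case and trailing-dot normalization is an assumption not described on the page.

```go
package main

import (
	"fmt"
	"strings"
)

// normalizeHost canonicalizes case and a trailing root dot (added assumption).
func normalizeHost(h string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(h)), ".")
}

// exactSet is a hypothetical exact-match-only whitelist.
type exactSet map[string]struct{}

// newExactSet strips a leading dot from each pattern and deduplicates.
func newExactSet(patterns []string) exactSet {
	s := exactSet{}
	for _, p := range patterns {
		if h := strings.TrimPrefix(normalizeHost(p), "."); h != "" {
			s[h] = struct{}{}
		}
	}
	return s
}

func (s exactSet) allowed(host string) bool {
	_, ok := s[normalizeHost(host)]
	return ok
}

// suffixAllowed models the behaviour the description removes: a pattern with
// a leading dot matches any host ending in it (assumed: subdomains only).
func suffixAllowed(patterns []string, host string) bool {
	host = normalizeHost(host)
	for _, p := range patterns {
		p = normalizeHost(p)
		if host == p || (strings.HasPrefix(p, ".") && strings.HasSuffix(host, p)) {
			return true
		}
	}
	return false
}

func main() {
	patterns := []string{".example.com", "example.com", "img.example.org"} // constructed sample
	s := newExactSet(patterns)
	for _, h := range []string{"example.com", "cdn.example.com", "a.b.example.com", "img.example.org"} {
		fmt.Printf("%-16s suffix=%-5v exact=%v\n", h, suffixAllowed(patterns, h), s.allowed(h))
	}
}
```

Under the suffix model, every subdomain of a dotted entry bypasses the signature check; under the exact model, only the listed hosts do.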
clawbot added 3 commits 2026-03-15 19:20:11 +01:00
Suffix matching (.example.com matching subdomains) should not be
supported. Whitelist entries should be exact host matches only.
Leading dots should be stripped and treated as exact matches.
Whitelist entries now support exact host matches only. Leading dots
in patterns are stripped for backwards compatibility (.example.com
becomes an exact match for example.com). Suffix matching that would
match arbitrary subdomains is no longer supported.

Closes #27
docs: update README and config to reflect exact-match-only whitelist
All checks were successful
check / check (push) Successful in 5s
55bb620de0
Remove suffix match documentation and config comments since whitelist
now only supports exact host matches.
Owner

re-read the issue. i said signatures, not whitelist. this is wrong.

Owner

close this PR and make a new one

clawbot self-assigned this 2026-03-15 22:09:28 +01:00
clawbot closed this pull request 2026-03-16 02:46:58 +01:00
Author
Collaborator

Closing per sneak's instruction. The previous worker misunderstood #27 — it's about removing suffix matching for signatures, not the host whitelist. A new worker will be dispatched with the correct understanding.

Some checks are pending
check / check (push) Successful in 5s
Check / check (pull_request)
Required

Pull request closed

Reference: sneak/pixa#32