Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Give whim an allow-list for targets #48

Open
jmacdotorg opened this issue Jul 2, 2020 · 0 comments
Open

Give whim an allow-list for targets #48

jmacdotorg opened this issue Jul 2, 2020 · 0 comments

Comments

@jmacdotorg
Copy link
Owner

Just as whim has a block-list for sources, it should have an allow-list for targets.

If the allow list has no members, then it will happily store webmentions meant for any target -- just as it does now.

If the allow list has any members, then it will accept only webmentions whose targets match (for some definition of "match") at least one member of the list.

Two notes:

  • This needn't be in the database. The block-list is in the database because that way it can get JOINed into SQL queries, but that isn't a need here.

  • There's room to sneak in a bonus feature: Have the whim listener convert the allow-list into the contents of an Access-Control-Allow-Origin HTTP header. That is: if we can receive webmentions for these domains, then we can trust AJAXy requests from them as well. (And by extension, set that header to '*' if the list is empty.)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jmacdotorg