Closed bhoeneis closed 3 months ago
@bhoeneis Author Tools have only allowed a set of domain names. The current list is here.
*.ietf.org
*.rfc-editor.org
*.github.com
*.githubusercontent.com
*.github.io
*.gitlab.com
@kesara Thanks for clarification!
I wonder what's the reason behind (security?) and whether this limitation to a strict list could be relaxed. Would ease the IETF work at least in our team.
Hi Bernie -
We can add domains to the allow list on request.
On our side, we will want some confidence that the content at any domain we add is very unlikely to be malicious.
On your side, you should be aware that a malicious user could then make a lot of requests that would drive traffic arbitrary places at pep.foundation if we were to add that domain. Are you in the right place in that organization to declare that risk acceptable, or do you need to ask someone listed at https://www.pep.foundation/about/council/?
This could also apply to whether the tooling would allow xi-include: from that domain in v3 xml.
Thanks a lot for the explanations!
This issue is no longer relevant, as pEp moved their repositories to codeberg.org (which pEp can not act on behalf of).
Trying to use e.g. the following URL to compare with iddiff:
results in the following error:
Is it on purpose to not to allow certain/external domains or is this a bug?