Open job opened 3 months ago
As discussed at RIPE 88 @mxsasha
@stkonst the reason the UNFs need to contain relative URLs is that you want to avoid cross-origin trickery, for example "my" UNF pointing to RIPE NCC's giant snapshot (but not at RIPE NCC's deltas); this would cause clients to endlessly download the latest snapshot, increasing bandwidth consumption beyond what is acceptable.
The same security concern was discovered in RRDP, and unfortunately the only viable workaround was to impose a 'same origin policy': https://datatracker.ietf.org/doc/html/draft-spaghetti-sidrops-rrdp-same-origin-00, and it had to be patched in all validators.
But since NRTMv4 is still in its development phase, it is not too late to mandate that only relative URLs are used, for safety.
Now, the RRDP situation and the NRTM v4 situation aren't 100% apples to apples, but I suspect that based on the RRDP experience (which was a big inspiration for NRTM v4), we'd do well to keep things simpler and only allow 'same-domain-file-serving'.
This helps avoid weird XSS / cross-origin considerations.
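A client-side check for the rule proposed above, as an added example that is not part of the original issue or of any NRTMv4 implementation: it accepts only relative snapshot and delta references and confirms that each one resolves to the origin the UNF was fetched from. The UNF field names (`snapshot`, `deltas`, `url`, `version`), the hosts and the file names are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample data; the field names are an assumed UNF layout.
UNF_URL = "https://irr.example.net/nrtmv4/EXAMPLE/update-notification-file.json"
GOOD_UNF = {
    "snapshot": {"version": 4, "url": "nrtm-snapshot.4.json"},
    "deltas": [{"version": 5, "url": "nrtm-delta.5.json"}],
}
# "My" UNF pointing at someone else's snapshot, as described in the issue.
BAD_UNF = {
    "snapshot": {"version": 4, "url": "https://other.example.org/nrtm-snapshot.4.json"},
    "deltas": [{"version": 5, "url": "nrtm-delta.5.json"}],
}

class CrossOriginReference(ValueError):
    """A UNF entry is not a relative reference on the UNF's own origin."""

def origin(url):
    """(scheme, host, port) tuple, with the default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(scheme))

def resolve_unf_references(unf_url, unf):
    """Return {label: absolute URL} for snapshot and deltas, or raise."""
    entries = [("snapshot", unf["snapshot"]["url"])]
    entries += [(f"delta {d['version']}", d["url"]) for d in unf.get("deltas", [])]
    resolved = {}
    for label, ref in entries:
        parts = urlsplit(ref)
        # Absolute ("https://...") and scheme-relative ("//host/...") forms are refused.
        if parts.scheme or parts.netloc:
            raise CrossOriginReference(f"{label}: not a relative URL: {ref!r}")
        target = urljoin(unf_url, ref)
        # Second check on the resolved URL, independent of how the reference was written.
        if origin(target) != origin(unf_url):
            raise CrossOriginReference(f"{label}: leaves the UNF origin: {target!r}")
        resolved[label] = target
    return resolved

if __name__ == "__main__":
    for unf in (GOOD_UNF, BAD_UNF):
        try:
            print(resolve_unf_references(UNF_URL, unf))
        except CrossOriginReference as exc:
            print("rejected:", exc)
```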