Open blockjoe opened 2 years ago
Currently origin whitelisting requires explicit string matching of the origin domain:
https://github.com/pokt-foundation/portal-api/blob/7db2227b4f6a237ac85d8569d2d5c5abf09d2dcc/src/services/pocket-relayer.ts#L584
Being able to whitelist a collection of subdomains like *.domain.com is an intuitive process.
*.domain.com
The checkWhitelist enforcement function takes a type argument that could allow for a "wildcard" type which could check for a pattern match i.e.:
checkWhitelist
type
for (cost test of tests) { switch (type) { case 'wildcard': if (check.toLowerCase().match(test.toLowerCase()) != null ) { return true; } break; case 'explicit': if (test.toLowerCase() === check.toLowerCase()) { return true; } break; default: if (check.toLowerCase().includes(test.toLowerCase())) { return true; } } } return false;
I don't have any objections against this. It is a low hanging fruit that can certainly be helpful for some. cc: @rem1niscence @nymd
Currently origin whitelisting requires explicit string matching of the origin domain:
https://github.com/pokt-foundation/portal-api/blob/7db2227b4f6a237ac85d8569d2d5c5abf09d2dcc/src/services/pocket-relayer.ts#L584
Being able to whitelist a collection of subdomains like
*.domain.com
is an intuitive process.The
checkWhitelist
enforcement function takes atype
argument that could allow for a "wildcard" type which could check for a pattern match i.e.: