by vict00r99 125 days ago
Hey! Really interesting approach.

I’m going to try it in one of my CI pipelines

Quick question: how granular is the allowlist matching? Is it exact domain only, or do you support wildcards and subdomain patterns?


Thanks for the interest and great question!

The allowlist uses nginx's map directive with the `hostnames` parameter, so it supports several matching patterns:

- Exact domains: `registry.npmjs.org`
- Prefix wildcards: `*.cloudfront.net` (matches any subdomain)
- Suffix wildcards: `github.*` (matches github.com, github.io, etc.)
- Combined wildcards: `.example.com` (shorthand for both example.com and *.example.com)
- Regex patterns: `~^.*\.amazonaws\.com$` for full PCRE support

Full nginx map documentation: https://nginx.org/en/docs/http/ngx_http_map_module.html

I'll add this to the documentation. Thanks!
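
The priority order given in the linked nginx map documentation, as an added Python model that is not part of the original comment or the project's code: it takes a constructed allowlist with the five pattern kinds listed above and reports which entry decides a hostname. The function name `match`, the sample hostnames, and the trailing-dot and case handling are assumptions of this model.

```python
import re

# Constructed allowlist using the pattern kinds listed in the comment above.
ALLOWLIST = [
    "registry.npmjs.org",       # exact
    "*.cloudfront.net",         # prefix wildcard
    "github.*",                 # suffix wildcard
    ".example.com",             # example.com and *.example.com
    r"~^.*\.amazonaws\.com$",   # regex ("~" is case-sensitive, "~*" is not)
]

def match(host, patterns=ALLOWLIST):
    """Return the allowlist pattern that decides `host`, or None.

    Priority follows the nginx map documentation: exact string, longest
    prefix mask, longest suffix mask, then the first regex in file order.
    """
    if host.endswith("."):
        host = host[:-1]            # model assumption: drop one trailing dot
    low = host.lower()              # exact names and masks compare lowercased
    exact, prefix, suffix, regex = {}, [], [], []
    for p in patterns:
        if p.startswith("~"):
            body = p[2:] if p.startswith("~*") else p[1:]
            flags = re.I if p.startswith("~*") else 0
            regex.append((p, re.compile(body, flags)))
        elif p.startswith("*."):
            prefix.append((p, p[1:]))       # keep ".cloudfront.net"
        elif p.startswith("."):
            exact[p[1:]] = p                # bare domain ...
            prefix.append((p, p))           # ... plus every subdomain
        elif p.endswith(".*"):
            suffix.append((p, p[:-1]))      # keep "github."
        else:
            exact[p] = p
    if low in exact:
        return exact[low]
    for masks, test in ((prefix, low.endswith), (suffix, low.startswith)):
        hits = [(len(m), p) for p, m in masks if test(m) and len(low) > len(m)]
        if hits:
            return max(hits)[1]             # longest mask wins
    for p, rx in regex:
        if rx.search(host):                 # regexes see the original case
            return p
    return None
```

Running candidate hostnames through a model like this shows how broad each entry is before it goes into the allowlist: `github.*` admits any name whose first label is `github`, while `*.cloudfront.net` does not admit the bare `cloudfront.net`.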