Make possible for origin to be a list of domains
#49
Conversation
|
cc @idyll |
|
I appreciate the thinking here but this isn't going to handle the case that was hoping to address in my PR: allow subdomains to authenticate with the same Passkey as the bare domain (unless I know all the subdomains ahead of time.) Totally understand that you're super worried about problems either through malice or incompetence. (Although I'm going to pretend you think I'm evil rather than dumb if that's okay.) My fork is working fine for me for now, but at some point I will rework the PR to explain exactly what it's doing and why. And why I don't think there will be an issue with it. |
|
Definitely assuming malice ;) How about an optional origin check function? With an example of how to check for subdomains dynamically, using for instance https://hexdocs.pm/domainname/DomainName.html#ends_with?/2 Thinking about this, tell me what's your opinion. |
WIP.
Hard to determine how we should test it.