You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2021/03/10 09:00:23 UTC

[GitHub] [skywalking-client-js] tianyk edited a comment on pull request #45: add `originAllowlist` option

tianyk edited a comment on pull request #45:
URL: https://github.com/apache/skywalking-client-js/pull/45#issuecomment-795112518


   > > Some examples are Analytics servers, OSS/S3 file upload services.
   > 
   > @tianyk I want to get more explanation about, why your codes are allowed to randomly accessing different domains without control? I can only see you are using HTTP, rather than HTTPS, which should not be in product env.
   
   I thought about it, if you are very clear about the service to be called, it is more appropriate to use denylist.
   
   In some cases, allowlist may be more appropriate:
   1. You cannot be sure which services have been accessed.
   2. Only track specific services (for example, only some services use skywalking)
   
   I think origin filtering is necessary, use trace or no trace list. 
   
   @wu-sheng @Fine0830 
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org