I think currently encouraged terminology is “acceptlist” and “denylist”.
One option to gauging interest is to release as a gem. If it gets traction then it makes a good case for making a first class feature, if not...you can still use it. On Wed, Jan 22, 2020 at 4:45 PM Joey Paris <j...@leadjig.com> wrote: > Currently, the forgery_protection_origin_check is a boolean option that > either only validates the origin is the same as the base_url or validates > nothing at all. I like the idea of adding something > like forgery_protection_origin_whitelist that contains an array of (regex) > strings of approved origin domains. This whitelist check should only be > tested if forgery_protection_origin_check is set to true, and it should > probably always include the base_url. > > I should be able to add this in myself, I just want to make sure there's > enough community support for this addition before putting the time into it. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-core+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/rubyonrails-core/d29dd38c-fd2a-473e-9403-d0bf159e7107%40googlegroups.com > <https://groups.google.com/d/msgid/rubyonrails-core/d29dd38c-fd2a-473e-9403-d0bf159e7107%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Richard Schneeman https://www.schneems.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-core/CAFA5uRMG14cveqYcJ5z1_VUeA30Sv7S-nrTYQYeSYBgkEBifhA%40mail.gmail.com.