Imagine a scenario where you install a script from NPM that you use throughout your Worker script.
Now, what if it uses fetch to send all current objects of your entire app to a third-party URI? Would you notice it?
On a small script, probably, but on a large script? Probably not.
What if we could white-list which routes our Worker scripts could sub-request towards?
It would:
- Stop it from sending data to a place it’s not allowed to.
- Catch errors when sending to legit domains that are misspelled (or manipulated due to object poisoning).
- Make scripts with a lot of requests more predictable (we have a map of all allowed domains/IPs).
What do you think?
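
The allow-list idea in the post above can be approximated in user code today. The following is an added example, not part of the original post and not a Cloudflare feature; the names `ALLOWED_HOSTS`, `checkSubrequest` and `createGuardedFetch` and the hostnames are assumptions made for illustration.

```javascript
// Added example: the hostnames below are constructed placeholders.
const ALLOWED_HOSTS = new Set(["api.example.com", "auth.example.com"]);

// Returns { allowed, host } for a fetch() input (string, URL or Request-like).
function checkSubrequest(input, allowedHosts = ALLOWED_HOSTS) {
  const raw =
    typeof input === "object" && input !== null && "url" in input
      ? input.url       // Request-like object
      : String(input);  // string or URL object
  let host;
  try {
    host = new URL(raw).hostname.toLowerCase();
  } catch {
    return { allowed: false, host: null }; // unparseable URLs fail closed
  }
  // Exact match only: a misspelled or look-alike host is refused.
  return { allowed: allowedHosts.has(host), host };
}

// Wraps a fetch implementation so every subrequest is checked first.
// onBlock is a hypothetical hook for logging or alerting on refused hosts.
function createGuardedFetch(baseFetch, allowedHosts = ALLOWED_HOSTS, onBlock = () => {}) {
  return function guardedFetch(input, init) {
    const verdict = checkSubrequest(input, allowedHosts);
    if (!verdict.allowed) {
      onBlock(verdict.host);
      throw new Error(`Subrequest blocked: ${verdict.host ?? "invalid URL"}`);
    }
    return baseFetch(input, init);
  };
}
```

In a Worker, the runtime's `fetch` would be passed as `baseFetch`. A dependency's own calls are only covered if they go through the wrapper, and because the wrapper runs in the same isolate as that dependency it is a guard and an audit point, not a sandbox boundary.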