chore: whitelist idtech.no domains #1759
Open
Context:
These domains (*.idtech.no) host test environments for my employer and are visited by integrators, not end users at large.
Possible reasons we were flagged to begin with:
We (BankID) use CSP policies to enforce secure environments for our end users, as breaches could lead to losing their life savings, seeing as BankID is accepted as the login provider for all Norwegian banks.
We strictly adhere to GDPR.
Some of these services are OIDC implementations, which can involve chaining multiple redirects in order to transport authentication codes via URL through multiple layers of OIDC flows. These redirect chains may be interpreted by some as tracking, but we do not track our users other than what's described in our privacy policy in order to protect their digital identity, which all banks and all end users who use our product have explicitly agreed to.
For more info on BankID, see https://bankid.no/en/what-is-bankid
Closes #1758