Whitelist filtering on domain name?

[scottcain]

Hello,

While still have the same question in #79, I have a further question on how whitelists should work. I have the following whitelist entries:

whitelist:
    - "staging.wormbase.org"
    - "www.wormbase.org"

which I think means (or should mean) that I can take screenshots of anything from those two subdomains, but nowhere else on the internet, since I don't want to provide an internet-wide screenshotting service. However, when I use that and try a url like this (the domain of the actual manet service is on another domain and I'd rather not publicize it):

http://example.com:8891/?url=http%3A%2F%2Fstaging.wormbase.org%2Ftools%2Fgenome%2Fjbrowse-simple%2Ffull.html%3Fdata%3Ddata%252Fc_elegans_PRJNA13758%26loc%3DIII%253A3868010..3889306%26tracks%3DCurated_Genes%252CTSS%2520(Chen)%2520Forward%252CBalancers%252CPolymorphisms%26highlight%3D%26screenshot%3Dp20o0r0n0u0b1m111s000000z2~0h2500i0q0d0~1h50i0x25q1~2h600i0q0d0~3h600i0q0d0&format=JPG&delay=16000&width=3300&height=2400&zoom=2&quality=0.7

I get this error message:

{"error":"URL \"http://staging.wormbase.org/tools/genome/jbrowse-simple/full.html?data=data%2Fc_elegans_PRJNA13758&loc=III%3A3868010..3889306&tracks=Curated_Genes%2CTSS (Chen) Forward%2CBalancers%2CPolymorphisms&highlight=&screenshot=p20o0r0n0u0b1m111s000000z2~0h2500i0q0d0~1h50i0x25q1~2h600i0q0d0~3h600i0q0d0\" is not allowed"}

So my question is this: am I misinterpreting what the whitelist option should be doing? I would expect it to match against either the domain name of the url (most likely) or any string in the URL (less likely since you're using url-pattern), and if it matches, allow manet to run, if not, not.