We consistently enforce allowed_outbound_hosts; we should additionally integrate block_networks and client_tls runtime config where feasible. I think it's somewhat likely that there may be cases where block_networks will be infeasible to integrate, at least rigorously (without tricky DNS races); if so let's discuss how to deal with them case-by-case.
We consistently enforce
allowed_outbound_hosts; we should additionally integrateblock_networksandclient_tlsruntime config where feasible. I think it's somewhat likely that there may be cases whereblock_networkswill be infeasible to integrate, at least rigorously (without tricky DNS races); if so let's discuss how to deal with them case-by-case.