fuchsiaaaaaaaaaaaaaaaaa
im always programming so defensively when in reality nobody will probably even be bothered enough to exploit anything..
someone *could* try to spam mismatched requests to try hit the letsencrypt ratelimit, so I check various things to make sure a domain resolves (and will resolve) properly. would someone actually do this? probably not
someone *could* round-robin multiple A records so I have to check if all of them match our ip, not just the first one
hmmm "Lookup matching error: A record does not match: 159.69.36.55 instead of 159.69.36.55"
i think i made a logic error somewhere lol
ohh right that's what I forgot to add
i'm going to end up including a DNS server for testing purposes aren't I
anyways it correctly checks all these wrongly configured domains, maybe tomorrow I'll add a properly configured one (for real or on a testing DNS server) #pixie pages
These are the basics for #pixie pages supporting custom domains, that's the DNS related stuff mostly finished so it's just plugging this into the existing code now
it's some fun code I think, looking up the domain we were accessed from and checking various records as needed
https://git.pixie.town/f0x/pixie-pages/src/branch/main/src/custom-domain.js
i very actively think about ways people could exploit whatever i'm writing but it's easy to get too bogged down too I feel
and you'll probably look over the real exploits yourself anyways lol