pub const PNA_ALLOWED_ORIGINS: &[&str];Expand description
Origins allowed to make Local Network Access requests to the local WebSocket service.
This is the single source of truth for the allow-list. Two consumers derive from it:
- The origin-validation callback in the local WebSocket handshake
(see
pispas_modules::utils::is_origin_allowed). Matching is literal plus wildcard subdomain (*.example.com) and wildcard port (:*). - The Chrome/Edge enterprise policy installer
resources/win/disable-chrome-pna.ps1, which is called bypackages/installer/src/resources.rs::run_chrome_pna_scriptwith each origin passed as its own CLI argument so PowerShell binds them into a real[string[]].
Changing this list requires no code change anywhere else — a rebuild and re-install is sufficient. Avoid broadening it without a good reason.