sandboxes/policy: document blocked values for user-defined rules#24611
Open
dvdksn wants to merge 1 commit intodocker:mainfrom
Open
sandboxes/policy: document blocked values for user-defined rules#24611dvdksn wants to merge 1 commit intodocker:mainfrom
dvdksn wants to merge 1 commit intodocker:mainfrom
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
✅ Deploy Preview for docsdocker ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
dvdksn
added
the
status/do-not-merge
aevesdocker
approved these changes
Apr 2, 2026
chrispatrick
reviewed
Apr 2, 2026
| - CIDR ranges: `0.0.0.0/0`, `::/0` | ||
|
|
||
| Scoped wildcards like `*.example.com` are still allowed. If you attempt to | ||
| use a blocked value, `sbx policy` returns an error immediately. |
Contributor
There was a problem hiding this comment.
Is it worth noting that creation of the rules is blocked, but if the user already has blocked values in their local policy then they are ignored? Or maybe that is edge-case enough to ignore?
Contributor
Author
There was a problem hiding this comment.
I was thinking about it, but it sort of goes down into a rabbit hole of, "but if it's blocked, how could be set in the first place?", and then we'd have to explain that too...
So... it's not totally unreasonable to mention this edge case. But wasn't sure it was worth it. Let's maybe see if it comes up.
chrispatrick
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Documents the catch-all values that are blocked in user-defined rules when the User defined delegation setting is enabled in organization governance. Adds a new subsection listing blocked domain patterns and CIDR ranges, and notes that scoped wildcards like
*.example.comremain allowed.Generated by Claude Code