We’re installing a new app on a secure network. The vendor has requested we allow access to gstatic.com. That seems overly broad to me and unsafe. Thoughts?
We’re installing a new app on a secure network. The vendor has requested we allow access to gstatic.com. That seems overly broad to me and unsafe. Thoughts?
Based on this quick article, https://softwarekeep.com/help-center/what-is-gstatic-com#:~:text=Gstatic is a special website,%2C pictures%2C and style sheets. It feels like just allowing all of gstatic is a bit of a security nightmare. I’d push back and have them identify the parts of gstatic they actually need for their website to work and allow those.
Alternatively, if this application needs a cdn but is only intended for local hosting in the secure network, perhaps a locally hosted cdn could be a good idea.
Without knowing the security in place it’s hard to do much beyond give general maybe this or that.