diff --git a/service-providers/simple-socks5/src/allowed_hosts.rs b/service-providers/simple-socks5/src/allowed_hosts.rs index a4c65b7b4e..b9ae58fa75 100644 --- a/service-providers/simple-socks5/src/allowed_hosts.rs +++ b/service-providers/simple-socks5/src/allowed_hosts.rs @@ -15,6 +15,11 @@ use std::path::PathBuf; /// This may be handy for service provider node operators who want to be able to look in the /// `unknown_hosts` file and allow new hosts (e.g. if a wallet has added a new outbound request /// which needs to be allowed). +/// +/// We rely on the list of domains at https://publicsuffix.org/ to figure out what the root +/// domain is for a given request. This allows us to distinguish all the rules for e.g. +/// .com, .co.uk, .co.jp, uk.com, etc, so that we can distinguish correct root-ish +/// domains as allowed. That list is loaded once at startup from the network. pub(crate) struct OutboundRequestFilter { allowed_hosts: HostsStore, unknown_hosts: HostsStore,