From 2a9350d21a7df4e8e80883227b21edc94bf779c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 8 Apr 2026 09:02:24 +0200 Subject: [PATCH] fix: use "host" instead of "hostname" for --allow-net docs The --allow-net flag accepts hosts (hostname or IP, optionally with a port), not just hostnames. Updated terminology and definition to reflect this. Closes #2702 Co-Authored-By: Claude Opus 4.6 (1M context) --- runtime/fundamentals/security.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/runtime/fundamentals/security.md b/runtime/fundamentals/security.md index b0b2b4528..c929cc8ed 100644 --- a/runtime/fundamentals/security.md +++ b/runtime/fundamentals/security.md @@ -247,13 +247,13 @@ or perform DNS resolution. This includes making HTTP requests, opening TCP/UDP sockets, and listening for incoming connections on TCP or UDP. Network access is granted using the `--allow-net` flag. This flag can be -specified with a list of IP addresses or hostnames to allow access to specific -network addresses. +specified with a list of hosts to allow access to specific network addresses. A +host can be a hostname or IP address, optionally with a port. Hostnames do not allow subdomains, unless explicitly listed. To allow any subdomain for a hostname, `*` can be used as wildcard for any subdomain. -Definition: `--allow-net[=...]` or `-N[=...]` +Definition: `--allow-net[=...]` or `-N[=...]` ```sh # Allow network access @@ -277,7 +277,7 @@ deno run --allow-net=1.1.1.1:443 script.ts deno run --allow-net=[2606:4700:4700::1111] script.ts ``` -Definition: `--deny-net[=...]` +Definition: `--deny-net[=...]` ```sh # Allow access to network, but deny access