Since irmago v0.14.0, a session request can include an optional `host` field that overrides the host used in the QR (`Qr.u`). The server validates it against the requestor's configured `host_perms` allowlist.
This is the cleanest way for a requestor running behind a reverse proxy or with multiple public hostnames to control which one ends up in the QR that the user's IRMA/Yivi app scans.
Proposed surface
Add an optional `host: Option` field to the base request that the disclosure/issuance/signature builders share, and a builder method (e.g. `.host("…")`) on each public builder.
References
Since irmago v0.14.0, a session request can include an optional `host` field that overrides the host used in the QR (`Qr.u`). The server validates it against the requestor's configured `host_perms` allowlist.
This is the cleanest way for a requestor running behind a reverse proxy or with multiple public hostnames to control which one ends up in the QR that the user's IRMA/Yivi app scans.
Proposed surface
Add an optional `host: Option` field to the base request that the disclosure/issuance/signature builders share, and a builder method (e.g. `.host("…")`) on each public builder.
References