Hi,
I'm setting up the monday-code Network Allowlist for our app's backend. The allowlist only accepts explicit FQDNs - no wildcards.
Our server downloads files via the `public_url` returned from the GraphQL `assets` API. Testing across a few accounts I'm already seeing different hostnames, e.g.:
- `prod-euc1-files-monday-com.s3.eu-central-1.amazonaws.com`
- `files-monday-com.s3.amazonaws.com`
I assume there are more (other regions, different account configurations). Without an exhaustive list I can't safely turn the allowlist on, because a new region would silently break downloads in production.
Questions:
1. Is there an **official, exhaustive list** of hosts that may appear in `assets.public_url`?
2. If not, what's the recommended approach - proxy via a stable `*.monday.com` host, or something else?
Has anyone solved this for their app? Thanks!