Unfortunately, there is still a large number of our Zero partners that cannot whitelist us based on the IP address alone. Some of them cannot even have wildcards in the domain names. Thus, we give them a full list of our domains to whitelist. This worked relatively OK for the partners who simply whitelisted a small set of wikipedia languages. Now with the addition of services, that list is about to expand, which means we have to notify each of our partner every time a new subdomain is added. Which also means that chances of something going unnoticed are growing, and people might start being charged unexpectedly.
- Drop all non-IP whitelisted partners (Dan, how big is it?)
This is similar to issue in T93808, we need to make sure that all of our services are accessible from the same hostname.