Per T177765#4867361, Proton should not have direct network access; all its web requests should go through a proxy. (It's a puppeteered Chromium process, so hopefully Chromium can simply be configured to use a proxy.) The proxy should
* Blacklist all internal domains (*.wmnet, IP addresses). The PDF renderer should not be able to access anything that a random person on the open internet cannot access.
* Probably whitelist Wikimedia domains and reject everything else. There is not much risk in arbitrary external URL access, but no reason to allow it, either. Even if some wiki is using external resources (which they really shouldn't), it should be fine to just reject those.
* Maybe add a CSP header on HTML responses that bans all external resources except from other Wikimedia domains. (The whitelist would already ban these, but it's defense in depth.)