Auto-sanitize URLs in Allowed Domains input (strip protocol and trailing slash) #1079

@pirate-bot

Impact: 60 · Confidence: 95 · Complexity: 20

Description

Problem

Users often paste full URLs (e.g., https://example.com/) into the Allowed Domains list instead of the bare domain (example.com). This causes domain matching to fail silently when processing images, leading to "domain is not allowed" errors and unnecessary support tickets.

Desired Behavior

The "Allowed Domains" input or backend API should automatically sanitize entries by removing http://, https://, and any trailing slashes before or during the save action. If auto-sanitization is not feasible, front-end validation should block the input and warn the user that protocols/paths are not permitted.

Acceptance Criteria

  • Entering https://domain.com or http://domain.com/ in the Allowed Domains list successfully saves as domain.com.
  • Image optimization successfully validates the sanitized domain against incoming image requests.
  • The user experience is improved by preventing configuration errors directly at the input stage.

Customer Context

A pro customer added an external storage domain to their Optimole Allowed Domains to serve images via a custom CDN. They copy-pasted the full URL with the https:// protocol, causing the optimization engine to reject the images with a "domain is not allowed" error. They had to contact support to find out that the protocol needs to be removed.

Root Cause Analysis

The root cause is a mismatch between how users naturally supply domain names (often copy-pasting full URLs) and how the Optimole backend does strict string matching for allowed domains. Current behavior assumes the user inputs a bare domain, and it eventually fails downstream during image delivery rather than catching the error during configuration. This is a gap in how the existing domain-allowlisting capability is validated and parsed.

Alternative Suggestions

Update the Allowed Domains input field (or the backend handler) to automatically sanitize user input. When a user pastes a URL, extract just the hostname and strip out any protocol (http://, https://) and trailing slashes before applying.

Reasoning

The customer pasted a full URL (including 'https://') into the Allowed Domains list in the Optimole dashboard, but the image processing engine expects only the bare domain. Support had to manually instruct the customer to remove the protocol to make it work. Instead of requiring users to know this formatting rule and fielding support tickets when they get it wrong, the system should automatically sanitize the input by stripping protocols and trailing slashes.


Source: HelpScout #3359613496
Generated by feature-request-triage workflow (ID: feature-request-triage_6a33b3a6a8e3d1.30303624)
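
An added example, not part of the issue and not Optimole's code: one way the save-time sanitization and the request-time match described above could be written in JavaScript. The function names are hypothetical, and refusing ports, paths and embedded credentials (rather than silently dropping them) is an assumption of this example.

```javascript
// Hypothetical helper: turn one pasted Allowed Domains entry into a bare hostname.
// Returns { ok: true, domain } or { ok: false, reason }.
function normalizeAllowedDomain(raw) {
  const input = String(raw).trim();
  if (input === '') return { ok: false, reason: 'empty entry' };

  // Use a real URL parser instead of string-stripping "https://".
  // Entries without a scheme get one prepended only so the parser accepts them.
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(input);
  let url;
  try {
    url = new URL(hasScheme ? input : `https://${input}`);
  } catch {
    return { ok: false, reason: 'not a valid domain or URL' };
  }

  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'only http:// and https:// can be stripped' };
  }
  // "https://example.com@other.test/" has host other.test, not example.com.
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials are not permitted' };
  }
  // Assumption: ports, paths, queries and fragments are refused, not dropped,
  // so the saved entry never covers more than the admin typed.
  if (url.port || !/^\/*$/.test(url.pathname) || url.search || url.hash) {
    return { ok: false, reason: 'ports and paths are not permitted' };
  }
  // The parser has already lowercased (and punycoded) the hostname.
  return { ok: true, domain: url.hostname };
}

// Hypothetical request-time check: exact hostname match against saved entries.
function isImageHostAllowed(imageUrl, savedDomains) {
  let host;
  try {
    host = new URL(imageUrl).hostname;
  } catch {
    return false;
  }
  return savedDomains.includes(host);
}
```

Running the entry through the parser at save time means `https://domain.com/` is stored as `domain.com`, and the exact-match check still rejects look-alike hosts such as `domain.com.other.test`.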
