Hey, so this feedback is a bit leftfield but might be useful. On my home network I run pihole using some popular blocklists, and sdk.arengu.com is blocked in two of them, one of them since about 2 years ago. As a result the sign in example on the homepage didn't load initially. It looks like the required forms.js doesn't load.
Of course this is an edge case, your company can't reasonably be expected to cater for how people on the internet decide to filter content on their personal networks, and the majority of people won't run their own DNS servers & take the same slash and burn approach to whitelisting as I do, so I understand if it's seen as a non-issue or rare edge-case.
I'm guessing the SDK URL got flagged on the list because the form builder has been used by some websites for various marketing related purposes triggering a blacklist maintainer to blanket ban the URL (I've had to whitelist common things like cdnjs for similar reasons).
That's fine for marketing forms / flows, but I'm thinking since a website or application's login is more of a primary / critical feature it would make me think twice about using the service if I were designing an app aimed toward tech & privacy savvy developers.
As a workaround, does your service still work if developers decide to host the needed assets on their infrastructure or proxy them under their own DNS? Could be a way around it.
Anyway the feature looks interesting, login flows are far from trivial once you get into the area of social login, OTP, device authentication, 2FA etc. I'm hammering out the architecture of a SaaS service at the moment so I can appreciate the niche you're trying to hit, good luck with the launch and hopefully the above feedback is useful.
We’ve noticed that before and that’s a situation, unfortunately, a bit out of our control. Sometimes we try to request those blacklist sites to remove sdk.arengu.com but without much success.
Allowing developers to host the asset would be a workaround, but that can end up with unexpected issues when we update it. We already had in mind the DNS approach but still analyzing potential security issues before moving forward.
Thank you very much for the feedback and if you want to give Arengu a try, feel free to ping me :)
Of course this is an edge case, your company can't reasonably be expected to cater for how people on the internet decide to filter content on their personal networks, and the majority of people won't run their own DNS servers & take the same slash and burn approach to whitelisting as I do, so I understand if it's seen as a non-issue or rare edge-case.
I'm guessing the SDK URL got flagged on the list because the form builder has been used by some websites for various marketing related purposes triggering a blacklist maintainer to blanket ban the URL (I've had to whitelist common things like cdnjs for similar reasons).
That's fine for marketing forms / flows, but I'm thinking since a website or application's login is more of a primary / critical feature it would make me think twice about using the service if I were designing an app aimed toward tech & privacy savvy developers.
As a workaround, does your service still work if developers decide to host the needed assets on their infrastructure or proxy them under their own DNS? Could be a way around it.
Anyway the feature looks interesting, login flows are far from trivial once you get into the area of social login, OTP, device authentication, 2FA etc. I'm hammering out the architecture of a SaaS service at the moment so I can appreciate the niche you're trying to hit, good luck with the launch and hopefully the above feedback is useful.