> What if the host executing the script had access to some intranet site with sensitive data? Would I be able to do a network import of such a URL, load it as raw text, and provide that as a header to another import?
Yes, a local import would be able to access an intranet site and re-export that information via custom headers supplied to another import. This is allowed because it falls under trusting local imports. Local imports have access to environment variables and your local filesystem, too, which are equally sensitive, which is why they need to be trusted.
This rule is called the "referential transparency" check, which can be summed up as:
* Only environment variables, absolute paths, and home-anchored paths classify as "local" imports
* Only local imports can retrieve other local imports
* URLs can import relative paths, but they are relative to the URL, not relative to your local filesystem
The reason it's called the "referential transparency" check is because this security restriction also leads to the nice property that import system is referentially transparent. That means that every import evaluates to the same result no matter you import it from. For example, if you have a directory of Dhall expressions that refer to each other and you rehost them on a file server the language guarantees that they still behave the same whether you import them locally or you import them via their hosted URLs.
Yes, a local import would be able to access an intranet site and re-export that information via custom headers supplied to another import. This is allowed because it falls under trusting local imports. Local imports have access to environment variables and your local filesystem, too, which are equally sensitive, which is why they need to be trusted.
This rule is called the "referential transparency" check, which can be summed up as:
* Only environment variables, absolute paths, and home-anchored paths classify as "local" imports
* Only local imports can retrieve other local imports
* URLs can import relative paths, but they are relative to the URL, not relative to your local filesystem
The reason it's called the "referential transparency" check is because this security restriction also leads to the nice property that import system is referentially transparent. That means that every import evaluates to the same result no matter you import it from. For example, if you have a directory of Dhall expressions that refer to each other and you rehost them on a file server the language guarantees that they still behave the same whether you import them locally or you import them via their hosted URLs.
Also, thanks! :)