►
From YouTube: Magento Architectural Discussion -- July, 17, 2019
Description
* Versioning policy updates
* Domain Whitelist for Configurable 3rd Party Redirects
Meeting notes - https://github.com/magento/architecture/issues/205
A
A
A
Like
this
I'm
Jim
change
goes
to
database,
the
messages,
translatable,
phrase
modified
or
other
it's
a
major
change
and
phrase
remove
which
it's
a
price
change.
Some
explanation
to
this
is
why
it's
major
change,
because,
as
soon
as
somebody
adds
or
modifies
existing
translatable
phrase,
meaning
the
key
for
the
translation,
it
will
lead
to
untranslated
phrase
in
the
production
score
for
the
mesh
for
the
merchant.
So
it
should
be.
It
should
be
visible
from
the
word
and
change
that
something
happens
and
they
need
to
update
translations.
A
A
D
A
D
A
E
Adding
a
new
one,
breaking
though
like
if
we're
talking
about
like
you
know
if
we
were
talking
about
front-end
stuff,
just
as
a
way
to
compare
like
there's
the
whole
concept
of
progressive
enhancement,
right,
there's
a
clear
distinction
between
something
works.
But
but
maybe
it's
not
100%
the
ideal
world
versus
something
straight-up
breaks,
and
if
something
doesn't
prevent
a
shopper
from
going
through
any
of
the
scenarios
they're
supposed
to
go
through,
it
seems
like
making
something
breaking
for
something
that
doesn't
break
any
scenario.
B
F
B
F
A
A
F
A
B
B
A
G
A
D
A
A
A
A
A
H
B
C
A
B
A
D
A
A
J
Okay,
so
yeah
we
have
a
proposal
to
add
a
new
configuration
for
a
list
of
white
listed
domains,
because
so
we
were
implementing
payment
methods
for
PayPal
in
graph
QL
and
we're
trying
to
implement
it
in
a
way
where
the
front-end
and
back-end
application
can
be
decoupled.
And
in
that
scenario
it
was
brought
up
that
there
could
be
the
potential
that
they're
on
different
domains.
So
the
redirect
redirects
the
front-end
and
currently
all
the
logic
for
like
where
to
redirect
it
is
in
the
backend.
J
J
See
my
screen:
yes,
the
okay,
it's
not
shown
in
my
please
so
there's
been
discussion
about
where
exactly
the
configuration
should
live.
Originally
we
suggested
an
EMV
dot,
php'
I'm
thinking
it
some
more
secure.
It's
only
editable
Vic.
If
you
can
edit
the
file
or
run
out
of
CLI
command,
Alex
suggested
it
just
being
in
the
regular
store
configuration
I.
J
J
Think
maybe
someone
maybe
Andrew
kin
or
Andrew
or
Eugene,
talked
to
that
more
yeah.
E
The
only
way
that
you'd
be
able
to
run
the
graph
QL
API
on
a
separate
host
name
would
be
switching
to
token
based
off
instead
of
cookie
based
off,
and
it
sounds
from
talking
with
yevon
that
that
might
be
a
far
future
type
thing.
So
I'm,
not
necessarily
trying
to
say
we
shouldn't
do
this.
I
just
I
want
to
make
sure
that
we,
you
know
proposals.
One
thing
versus
like
implementation
is
another
thing
so
like
this
work
makes
sense.
Coupled
with
you
know,
if
at
some
point
in
the
future,
we
do
do
that.
E
I
just
wanted
to
bring
up
that.
This
might
be
something
that
we
end
up.
It
could
end
up
making
security
looser
if
we
don't
actually
need
feature
in
the
future.
So
I
just
wanted
to
make
sure
to
raise
that
point,
because
if
we're
like,
you
know
for
three
or
four
years
away
from
being
able
to
do
token
off
with
the
API,
then
we're
far
ways
away
from
this
being
able
to
be
usable
by
people.
G
I
Even
it's
not
about
it's
not
only
about
different
domains.
It's
on.
It's
also
about
different
URLs,
because,
for
example,
like
the
original
example
was
related
to
the
payment
integration
and
the
Ken
doesn't
know
about
the
euro,
which
Europe
euros
should
be
used
for
a
direction
only
front
end
knows
about
it
so
and
front
end.
Somehow
should
provide
this
URLs
in
secure
way.
Actually,
the
instances
could
be
on
the
same
domain,
but
the
URLs
can
be
different,
and
somehow
we
need
to
solve
this
problem.
J
K
E
My
personal
opinion
is
that
we
should
go
with
whatever
permits
the
least
the
least
amount
of
variable
URLs
in
there,
and
so
we
have
a
use
case
that
we
know
can
be
actually
like
utilized
for
it
right.
So
personally,
I'd
be
4i,
I
can't
say,
I
necessarily
understand
what
or
if
there'd
be
a
difference
between
base
URL
and
the
host
port
protocol
that
the
API
is
called
under,
but
yeah.
A
Now,
let's
see
what
happens
to
implement
that,
and
sometimes
we
need
to
still
call
with
some
white
listing
or
we
need
to
support
other
domains
to
bid
I
think
we
can
add
it
in
pretty
backward-compatible
way
right.
So
we
will
add
it
as
a
new
feature
and
still
if
no
the
mine
is
provided
or
no
URL
and
whitelist
is
provided.
We
can
fall
back
to
to
the
current
demand
of
graticule
right.