Hi Cursor team,
I appreciate the thought that went into the allowlist for web fetching. I’ve been adding domains that I trust and rejecting those with lots of user submitted content (e.g. github). I’m assuming this feature was partly added for prompt injection reasons, but please correct me if I’m wrong.
However I find with github I often find myself repeatedly allowing fetches from the same orgs/repos that I trust but there is no option to add specific path wildcards like `github.com/posthog/*` (only domains and subdomains).