github.com - controlling uploads, allowing downloads, yet POSTs seem to be involved in downloads?
Anyone else in an organization wherein you have audit drivers to prevent the upload of code to GitHub, but leverage open source that originates from GitHub (so downloads, and functions with git and all, need to be allowed)?
I ask as GitHub appears to leverage POST requests even in operations that seem to be read-only conceptually, which makes this an interesting challenge.
I'm curious to hear of any experience from folks who've had to tackle a similar set of requirements.
As an example, here's a component that led to adding some rather uncomfortable whitelisting past some rules preventing the upload of many archive file types: