hst: optionally reject insecure options

This prevents inadvertent use of insecure compatibility features. Closes #30. Signed-off-by: Ophestra <cat@gensokyo.uk>
2026-04-10 19:12:45 +09:00
parent 952082bd9b
commit c33a6a5b7e
9 changed files with 128 additions and 39 deletions
--- a/internal/store/data.go
+++ b/internal/store/data.go
@@ -41,7 +41,7 @@ func entryDecode(r io.Reader, p *hst.State) (hst.Enablement, error) {
 		return et, err
 	} else if err = gob.NewDecoder(r).Decode(&p); err != nil {
 		return et, &hst.AppError{Step: "decode state body", Err: err}
-	} else if err = p.Config.Validate(); err != nil {
+	} else if err = p.Config.Validate(hst.VAllowInsecure); err != nil {
 		return et, err
 	} else if p.Enablements.Unwrap() != et {
 		return et, &hst.AppError{Step: "validate state enablement", Err: os.ErrInvalid,