Manifest Declares The Target

A fetcher's allowlist validates the URL it loads a manifest from, not the targets the manifest declares. The fetched payload names the next destination, and the trust placed on the manifest's source does not transfer to the URLs the manifest writes.