Security feature request: command line option to restrict which hosts can be allowed when allowing network requests
When using Prince, I would like to be able to restrict which domains Prince can make requests to.
For example:
prince --restrict-hosts=subdomain.example.org,localhost:80,localhost:443
This would help when you allow users to modify the HTML on your server, but want to make sure that external hosts are not allowed, as this could be used in some nasty ways. Even if it's not perfect, it's still better than nothing.
The most reliable way of doing this would probably be to point Prince at an HTTP proxy that can be configured to allow the specific hosts you wish to support. You could also run Prince under Docker with custom network settings I think, or if you're running Prince on Linux you can use a specific user ID and specify firewall rules with iptables.
Yes, but the list of allowed hosts can vary with each document, so I would have to fire up an HTTP proxy for every document created with Prince... Not the best solution.
What is the use case here exactly, converting documents for authors who wish to be able to refer to resources on their own servers?
We host thousands of NGOs, each organization can modify the HTML template of their receipts.
Resources from the NGO web account domain are allowed, but we want to make sure that if someone gains access to an admin account of the NGO and changes the HTML template, they can't make the PDF generator call external domains.
What we want to allow:
<script src="https://myorg.domain.tld/"></script>
What we want to block:
<script src="https://attacker.example.org/"></script>
This won't protect against everything, but it would still be an additional security measure.
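A defensive pre-scan for the use case described in this thread, added here as an example that is not part of the thread or of Prince: it checks every fetchable attribute in a template against an allowlist written in the host[:port] syntax the feature request proposes, resolving relative URLs against the tenant's base URL and ignoring userinfo so that `tenant-host@other-host` forms are judged by the real host. The function names, the attribute set and the sample template are constructed for the example, and it complements rather than replaces the proxy or firewall restriction suggested above.

```python
# Allowlist uses the host[:port] syntax proposed above (no port = any port; no IPv6 literals).
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def parse_allowlist(spec):
    """'a.example.org,localhost:80' -> {('a.example.org', None), ('localhost', 80)}"""
    allowed = set()
    for item in filter(None, (s.strip().lower() for s in spec.split(","))):
        host, sep, port = item.rpartition(":")
        allowed.add((host, int(port)) if sep and port.isdigit() else (item, None))
    return allowed

def url_allowed(url, allowed):
    """data: URLs are inline (no fetch); http(s) must match (host, port); rest refused."""
    parts = urlsplit(url)
    if parts.scheme == "data":
        return True
    if parts.scheme not in DEFAULT_PORTS:
        return False  # file:, ftp:, javascript:, ... never pass
    host = (parts.hostname or "").lower()  # userinfo ("tenant@attacker") is ignored
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # malformed port string
        return False
    return (host, port) in allowed or (host, None) in allowed

class _RefCollector(HTMLParser):
    """Collects attributes that make Prince fetch; CSS url()/@import need a separate pass."""
    ATTRS = {"src", "href", "data", "poster"}
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [v for k, v in attrs if k in self.ATTRS and v]

def find_disallowed(document, base_url, spec):
    """Resource URLs the allowlist rejects; relative URLs resolve against base_url."""
    allowed = parse_allowlist(spec)
    collector = _RefCollector()
    collector.feed(document)
    return [u for u in collector.refs if not url_allowed(urljoin(base_url, u), allowed)]

# Constructed sample: one tenant host, one attacker host, one userinfo trick, one data: URL.
SAMPLE_TEMPLATE = """<html><head><link rel="stylesheet" href="/static/receipt.css">
<script src="https://myorg.domain.tld/receipt.js"></script>
<script src="https://attacker.example.org/"></script>
<img src="https://myorg.domain.tld@attacker.example.org/pixel.png">
<img src="data:image/png;base64,iVBORw0KGgo="></head></html>"""
```

Calling `find_disallowed(SAMPLE_TEMPLATE, "https://myorg.domain.tld/", "myorg.domain.tld,localhost:80,localhost:443")` returns the two attacker URLs and lets the relative stylesheet, the tenant script and the inline image through.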