Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent preloading a domain if its TLD is preloaded #113

Open
nharper opened this issue Jul 8, 2019 · 2 comments
Open

Prevent preloading a domain if its TLD is preloaded #113

nharper opened this issue Jul 8, 2019 · 2 comments

Comments

@nharper
Copy link
Collaborator

nharper commented Jul 8, 2019

There are a few .app domains on the preload list, but the entire app TLD is preloaded. We should reject these submissions because they're already covered by the TLD entry.

@lgarron lgarron transferred this issue from chromium/hstspreload.org Jul 9, 2019
@lgarron
Copy link
Collaborator

lgarron commented Jul 9, 2019

I considered doing his a while back, but it wasn't a priority because the UI actually doesn't give you a submit button for .app domains (plus it doesn't hurt security and is easy to fix after the fact). So it seems that some people are doing direct submissions using the API?

In any case, I've moved the issue to https://github.com/chromium/hstspreload because policy is handled in this repo; feel free to move back if you prefer!

@jayvdb
Copy link

jayvdb commented Apr 12, 2020

I did a bit of overlap analysis at https://bugs.chromium.org/p/chromium/issues/detail?id=1063664 - many are TLD, but there are quite a few overlaps which are not against the TLD.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants