hstspreload icon indicating copy to clipboard operation
hstspreload copied to clipboard

Published 20 hours ago verified publisher icon chromium

Prevent preloading a domain if its TLD is preloaded

Open nharper opened this issue 5 years ago • 2 comments

There are a few .app domains on the preload list, but the entire app TLD is preloaded. We should reject these submissions because they're already covered by the TLD entry.

nharper avatar Jul 08 '19 20:07 nharper

I considered doing his a while back, but it wasn't a priority because the UI actually doesn't give you a submit button for .app domains (plus it doesn't hurt security and is easy to fix after the fact). So it seems that some people are doing direct submissions using the API?

In any case, I've moved the issue to https://github.com/chromium/hstspreload because policy is handled in this repo; feel free to move back if you prefer!

lgarron avatar Jul 09 '19 02:07 lgarron

I did a bit of overlap analysis at https://bugs.chromium.org/p/chromium/issues/detail?id=1063664 - many are TLD, but there are quite a few overlaps which are not against the TLD.

jayvdb avatar Apr 12 '20 04:04 jayvdb