Lucas Garron
Lucas Garron
Moving the source of truth is no longer a goal for me (as of a few months ago). It's not out of the question, but it's not *necessary* for anything...
The header has to be sent on the response to `/` itself, even if there's a redirect to the same origin. Depending on your server software, there may be a...
This is what I get, with the cache disabled: The first request is pretty fast, and the rest are all in parallel. We only have a few App Engine instances,...
> Do they offer a CDN? If not, have you thought about using Cloudflare for example? We should use a Google Cloud solution. Would you care to look if any...
What would you say the main reasons are that people need access to the full list? As with the public suffix list, there are issues with encouraging general consumption of...
*shakes fist at Google Cloud* This *should* be easy, but every time I touch the relevant file I also cause a bug due to unforeseen issues with Google Cloud: https://github.com/chromium/hstspreload.org/blob/0e96795849e35ed537e712ba85d1fbbe7e0a6674/hstsserver.go#L23-L26
> From reading that thread, we might want to consider using https://github.com/weppos/publicsuffix-go, which is updated more frequently. Do you know the Google policy on referencing a third-party library like that,...
I believe this is a dupe of #142.
So far, we've tried to encourage configurations that did not depend on any feature of the client, especially things like the user agent or source IP. The HSTS preload list...
@nharper, do you have an opinion about this either way?