Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 2 users
Status: Fixed
Owner:
Last visit 17 days ago
Closed: May 2015
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug


Participants' hotlists:
HSTS-Preload


Sign in to add a comment
Remove friendlink.jp from the HSTS Preload list
Reported by koiz...@axel-media.com, Apr 24 2015 Back to list
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Example URL:
e.g. http://tokyo.friendlink.jp https://ceo.friendlink.jp/ and all subdomain

Steps to reproduce the problem:
1. Access http://tokyo.friendlink.jp
2. Automatically transferred to https
3. Privacy error is displayed

What is the expected behavior?
Please remove domain name friendlink.jp from /net/http/transport_security_state_static.json

What went wrong?
Sends a "Strict-Transport-Security" HTTP Header or submited to https://hstspreload.appspot.com/

Did this work before? N/A 

Chrome version: 42.0.2311.90  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 17.0 r0
 
Comment 1 by mmenke@chromium.org, Apr 24 2015
Cc: lgar...@chromium.org agl@chromium.org
Labels: -Cr-Internals-Network Cr-Internals-Network-SSL
Although the best way to fix this is to get a valid certificate for the site, we can make this change for you. However[1],

- Since we just released Chrome 42, this will take about 6 weeks to reach the beta channel, and another 6 weeks to reach stable.
- We can't really provide additional support or guarantees about the resulting effect on the website, especially for other browsers.

Are you willing to accept that?

[1] https://code.google.com/p/chromium/issues/detail?id=467486#c7
For reference, the friendlink.jp was added to the preload list on Jan. 20: https://chromium.googlesource.com/chromium/src/+/a45ea4d4cff856b3ede613f93b8745bfaf4c5452
I understood. Please stop "remove".

I would like to change "include_subdomains" to false.
Is it possible?
Comment 4 by agl@chromium.org, Apr 25 2015
> I would like to change "include_subdomains" to false. Is it possible?

Yes, although with the same timeline and possible lack of effectiveness.
Comment 5 Deleted
Sorry. I'm not used to English.

I hope to change "include_subdomains" of "friendlink.jp" to false only.
Comment 7 by agl@chromium.org, Apr 27 2015
Owner: agl@chromium.org
Status: Assigned
When the tree opens, I'll submit a change to remove friendlink.jp from the preload list. We generally require include_subdomains to be set and this doesn't appear to be a case where we need to make an exception.
Project Member Comment 8 by bugdroid1@chromium.org, Apr 27 2015
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/456c9c2e03d1cd8be17bcbcb053c9d1499706fcc

commit 456c9c2e03d1cd8be17bcbcb053c9d1499706fcc
Author: Adam Langley <agl@google.com>
Date: Mon Apr 27 22:17:47 2015

net: remove friendlink.jp and CS50 from HSTS preload.

BUG= 480785 

Cr-Commit-Position: refs/heads/master@{#327157}

[modify] http://crrev.com/456c9c2e03d1cd8be17bcbcb053c9d1499706fcc/net/http/transport_security_state_static.h
[modify] http://crrev.com/456c9c2e03d1cd8be17bcbcb053c9d1499706fcc/net/http/transport_security_state_static.json

Comment 9 by agl@chromium.org, May 4 2015
Status: Fixed
Blocking: chromium:527947
Labels: Hotlist-HSTS-Preload-Removals
Summary: Remove friendlink.jp from the HSTS Preload list (was: Remove my domain from HSTS Preload list)
Blocking: -527947
Components: Internals>Network>DomainSecurityPolicy
Components: -Internals>Network>SSL
Sign in to add a comment