New issue
Advanced search Search tips
Starred by 2 users
Status: Fixed
Owner:
Closed: May 2015
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug


Show other hotlists

Hotlists containing this issue:
HSTS-Preload


Sign in to add a comment
Remove snowflake.ch domain from the HSTS Preload list
Reported by kevinhae...@gmail.com, May 12 2015 Back to list
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36

Steps to reproduce the problem:
1. visit e.g. status.snowflake.ch
2. see the certificate error because of "no TLS certificate installed" and HSTS active

What is the expected behavior?
HSTS active for www.snowflake.ch - but not for the subdomains

What went wrong?
"include subdomains => true"

https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json&l=2162

As I saw, it's just possible with the "include subdomains" entry. So maybe the best way is to remove it. We already set the max-age to zero.

Did this work before? N/A 

Chrome version: 42.0.2311.135  Channel: stable
OS Version: Ubuntu 14.04
Flash Version: Shockwave Flash 17.0 r0

For sure, we want to install TLS certificates for every subdomain. 

But there are some "internal" sites, where it's not possible.
 
Comment 1 by agl@chromium.org, May 12 2015
Labels: -OS-Linux OS-All
Owner: agl@chromium.org
Status: Assigned
Project Member Comment 2 by bugdroid1@chromium.org, May 13 2015
Comment 3 by agl@chromium.org, May 13 2015
Status: Fixed
Comment 4 by a...@chromium.org, May 19 2015
Cc: a...@chromium.org
Labels: Needs-Feedback
Didn't observe any certificate error on the version:42.0.2311.152, Mac OS 10.10.3. Same behavior is seen on the latest M-44(44.0.2403.4).

Attached is the screen-shot of the same.

agl@,  kevin@: Could you please help in verifying this fix or if anything is being missed here.
487251.png
457 KB View Download
Hi,

first: thank you very much for the fast reaction!

we fixed the problem for the public sites proactive and migrated all sites to https://

but we can't migrate the internal sites - because there are many sites with sub-subdomain etc:

xy.xy.rz.snowflake.ch 

anyway. I saw that you removed our domain in the 44.x and 45.x branch. 
it would be perfect, if that's also possible for 43.x until the final release.
otherwise: issue fixed :-)

cheers from Zurich.
Kevin
Blocking: chromium:527947
Labels: Hotlist-HSTS-Preload-Removals
Summary: Remove snowflake.ch domain from the HSTS Preload list (was: Remove my domain from HSTS Preload list )
Blocking: -527947
Components: Internals>Network>DomainSecurityPolicy
Sign in to add a comment