Provide support for bulk HSTS subdomain removal
Reported by m...@wake.io, Mar 31 2016
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36

Example URL: chrome://net-internals/#hsts

Steps to reproduce the problem:
1. Set HSTS header on server
2. Navigate to https://subdomain.domain.com and https://subdomain2.domain.com
3. Navigate to chrome://net-internals/#hsts; in the Delete domain section, type *.domain.com and click delete

What is the expected behavior?
All subdomains of domain.com have been cleared of existing HSTS headers

What went wrong?
All subdomains continue to utilize existing HSTS headers

Did this work before? N/A
Chrome version: 49.0.2623.87 Channel: n/a
OS Version: OS X 10.10.5
Flash Version:
, Apr 1 2016
I don't know if this should be high enough priority that we'll get to it any time soon, but let me offer two immediate workarounds:
- If you *can* still serve valid HSTS from those subdomains, serve it with a max-age=0 and trigger a load of a resource to each relevant subdomain.
- Script the chrome://net-internals/#hsts page:
    // domainList: array of the hostnames to delete, defined by you beforehand
    for (const domain of domainList) {
      document.getElementById("hsts-view-delete-input").value = domain;
      document.getElementById("hsts-view-delete-submit").click();
    }
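The first workaround above, sketched as an added example (not code from the issue or from Chromium): a Node-style request handler that answers with `Strict-Transport-Security: max-age=0` only for hosts under the parent domain. `domain.com` comes from the report; all function names are hypothetical, and the handler is assumed to be mounted on an HTTPS server with a valid certificate for each subdomain, since browsers ignore HSTS headers received any other way.

```javascript
// Added example: function names are hypothetical; "domain.com" is the
// parent domain used in the report.
const RETIRED_PARENT = "domain.com"; // parent whose subdomains should drop HSTS

// Normalize a Host header value: lowercase, strip port and trailing dot.
function normalizeHost(hostHeader) {
  if (typeof hostHeader !== "string") return "";
  let host = hostHeader.trim().toLowerCase();
  // IPv6 literals such as [::1]:443 are never subdomains of a DNS name.
  if (host.startsWith("[")) return "";
  host = host.replace(/:\d+$/, "").replace(/\.$/, "");
  return host;
}

// True only for the parent itself or a subdomain on a label boundary,
// so "notdomain.com" does not match "domain.com".
function isUnderParent(host, parent) {
  return host === parent || host.endsWith("." + parent);
}

// Header value to send for this request, or null to send no HSTS header.
// max-age=0 tells the browser to stop treating this one host as an HSTS
// host; there is no wildcard, so each subdomain must be loaded once.
function hstsValueFor(hostHeader, parent = RETIRED_PARENT) {
  const host = normalizeHost(hostHeader);
  if (host === "") return null;
  return isUnderParent(host, parent) ? "max-age=0" : null;
}

// Node-style (req, res) handler for a small resource on every affected
// subdomain; the response body is irrelevant, only the header matters.
function clearHstsHandler(req, res) {
  const value = hstsValueFor(req.headers.host);
  if (value !== null) res.setHeader("Strict-Transport-Security", value);
  res.statusCode = 204;
  res.end();
}
```

Each subdomain still has to be visited once over HTTPS for the browser to receive the header, which is the "trigger a load of a resource" step in the comment.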
, Feb 19 2018
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by shivanisha@chromium.org, Mar 31 2016