Add meet.google.com to the HSTS preload list |
||||||||
Issue descriptionSame way as the existing hangouts.google.com and talkgadget.google.com.
,
Sep 2 2016
,
Sep 2 2016
Is there any reason to R-V-G this? Is there any reason (... which sadly, may be the reason to R-V-G this), why we can't use the same as the public mechanisms at https://hstspreload.appspot.com/ Should this be HPKP pinned, as other Google properties are? Presumably, yes, but you can confirm with internal folks if you're not sure (feel free to poke my @google without the r)
,
Sep 2 2016
I will need to add it to the CL at https://codereview.chromium.org/2282203002 1) {hangouts, talkgadget}.google.com are also pinned. I presume that will be safe here? 2) Any chance you could fix up the errors at https://hstspreload.appspot.com/?domain=meet.google.com ? (Ignore the subdomain error.) 3) Since the draft CL will be public, may I derestrict this bug?
,
Sep 2 2016
rsleevi@: hstspreload.appspot.com only accepts eTLD+1. Exceptions need manual handling.
,
Sep 2 2016
1) Yes, it will be safe. 2) I'm trying to fix it with my pending/latest change (see critique). But essentially this will serve exactly the same thing as the other ones. 3) Yes. Thanks.
,
Sep 2 2016
Thanks!
{hangouts, talkgadget}.google.com actually don't send out the preload directive. If you could all change them to send it, that would be good future-proofing.
,
Sep 9 2016
https://codereview.chromium.org/2282203002
,
Sep 16 2016
Server-side fixes have been checked in and should be available in about a week. Thanks.
,
Oct 26 2016
,
Nov 2 2016
,
Nov 3 2016
,
Jun 4 2018
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by q...@chromium.org
, Sep 1 2016