Re: [CSP] Relative/absolute hostname matching

On Fri, Nov 7, 2014 at 11:05 AM, Mike West <> wrote:
> My worry is that we'd be unable to support internal names on intranets. For
> instance, consider an internal shortlinking service named
> ``, which is accessible by typing `go`. If we
> automagically assume that `go` is `go.`, then we'd break the resolution,
> right?

I suppose we would, yes. Seems hard for such a service to protect
itself from the internal network if the setup was like that though,

> I think we'd have to limit the behavior to public suffixes, which seems
> strange to bring into URL parsing.


So either we make it a UA-initiated redirect for public suffixes or we
just deal with the brokenness and define that for certificates (and
HSTS, anything else?) they are identical.


Received on Friday, 7 November 2014 10:22:10 UTC