Monday 18 September 2017

Chrome to force .dev domains to HTTPS via preloaded HSTS


tl;dr: one of the next versions of Chrome is going to force all domains ending on .dev (and .foo) to be redirected to HTTPs via a preloaded HTTP Strict Transport Security (HSTS) header. This very interesting commit just landed in Chromium:
Preload HSTS for the .dev gTLD.
This adds the following line to Chromium’s preload lists;
{ "name": "dev", "include_subdomains": true, "mode": "force-https" },
{ "name": "foo", "include_subdomains": true, "mode": "force-https" },
It forces any domain on the .dev gTLD to be HTTPs.
Yes, unfortunately.
It’s been bought by Google as one of their 100+ new gTLDs. What do they use it for? No clue. But it’s going to cause a fair bit of confusion and pain to webdevelopers.
The .dev gTLD has nameservers and is basically like any other TLD out there, we as developers just happen to have chosen that name as a good placeholder for local development, too, overwriting the public DNS.
$ dig +trace dev. NS
dev. 172800 IN NS ns-tld4.charlestonroadregistry.com.
dev. 172800 IN NS ns-tld5.charlestonroadregistry.com.
dev. 172800 IN NS ns-tld3.charlestonroadregistry.com.
Source: https://managewp.org/articles/16131/chrome-to-force-dev-domains-to-https-via-preloaded-hsts




source https://williechiu40.wordpress.com/2017/09/18/chrome-to-force-dev-domains-to-https-via-preloaded-hsts/

No comments:

Post a Comment