Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(22)

Issue 2550763002: HSTS preload list removals for Chrome 57. (Closed)

Created:
4 years ago by lgarron
Modified:
3 years, 11 months ago
Reviewers:
CC:
cbentzel+watch_chromium.org, chromium-reviews
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

HSTS preload list removals for Chrome 57. mencap.org.uk: > We have a lot of internal sites/subsites and as a charity all sites are not > using ssl. We will do when when we purchase a wildcard ssl. hzsh.xyz: > HSTS verification needs to be disabled for Let's encrypt authentication > errors. I tested cPanel Let's encrypt authentication, SNI does not support > https authentication. ssersay.com: > • sport.ssersay.com – We suppose to bind this subdomain to a TV live platform > which does not support https. > • jekyii.ssersay.com – We plan to use the Coding Pages service which does not > allow https tokyopopline.com: > We can not operate the site with HTTPS. > • reason > Since the portal site of the delivery destination does not correspond. cgat.no: > • cgat.no - root domain being transitioned to a 301 primary redirect to > another site (https://christiangaetano.com) that will be on the HSTS preload > list. usap.gov: > All usap.gov subdomains - Preload forces our internal (non-public facing) > subdomains to https, which was an unforeseen consequence of HSTS preloading > and which we are unable to support at this time. cip.md: > can't upgrade to HTTPS due to device limitation > (http://asus.meriacre.cip.md:8081) johndong.net, gooby.co: > Basically all of gooby.co and johndong.net need to be removed from HSTS > preload because I royally screwed up with my configuration and now I can't use > HTTP on a subdomain of mine. kinogb.net: > We happened to turn on HSTS > Part pages may not work on https, only on http open-coding.org: > I'd like to sell the domain koophetlokaal.nl: > Unfortunately due to a lack of understanding the HSTS logic fully I've used > default settings for a certain software stack to setup my SSL certificates. > > This resulted in the preloading feature to be enabled by default and since > I've moved to LetsEncrypt I'm running into issues. jf-projects.de: > • storage.jf-projects.de - It's an old box, that does not has the ability to > provide HTTPS > • router.jf-projects.de - It's an router. kkaufmann.de: > I cant connect to my Router at Home and other Sites. mindwerks.net: The site operator enabled HPKP, then accidentally switched to a certificate that did not match the previously pinned set. As a precaution, they'd like to remove the HSTS entry from the preload list (even though the issue mostly orthogonal). glopoi.com: - [various country-code subdomains] - we couldn't afford any more mytripcar.com: > • marketing.mytripcar.com - we use a third-party service and uploading custom > SSL certificates has an extra cost BUG=527947 TBR=palmer@chromium.org Review-Url: https://codereview.chromium.org/2550763002 . Cr-Commit-Position: refs/heads/master@{#444621} Committed: https://chromium.googlesource.com/chromium/src/+/c083c885f19967daef65cce687ab0b0d695adf69

Patch Set 1 #

Patch Set 2 : HSTS preload list removals for Chrome 57. #

Patch Set 3 : HSTS preload list removals for Chrome 57. #

Patch Set 4 : HSTS preload list removals for Chrome 57. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -19 lines) Patch
M net/http/transport_security_state_static.json View 1 2 3 18 chunks +1 line, -19 lines 0 comments Download

Messages

Total messages: 3 (2 generated)
lgarron
3 years, 11 months ago (2017-01-19 03:16:05 UTC) #3
Message was sent while issue was closed.
Committed patchset #4 (id:50001) manually as
c083c885f19967daef65cce687ab0b0d695adf69 (presubmit successful).

Powered by Google App Engine
This is Rietveld 408576698