| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains the HSTS preloaded list in a machine readable format. | 5 // This file contains the HSTS preloaded list in a machine readable format. |
| 6 | 6 |
| 7 // The top-level element is a dictionary with two keys: "pinsets" maps details | 7 // The top-level element is a dictionary with two keys: "pinsets" maps details |
| 8 // of certificate pinning to a name and "entries" contains the HSTS details for | 8 // of certificate pinning to a name and "entries" contains the HSTS details for |
| 9 // each host. | 9 // each host. |
| 10 // | 10 // |
| (...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 170 "GeoTrustPrimary_G3", | 170 "GeoTrustPrimary_G3", |
| 171 "GeoTrustPrimary", | 171 "GeoTrustPrimary", |
| 172 "TheGoDaddyGroupClass2", | 172 "TheGoDaddyGroupClass2", |
| 173 "GoDaddyRoot_G2", | 173 "GoDaddyRoot_G2", |
| 174 "GoDaddySecure", | 174 "GoDaddySecure", |
| 175 "ThawtePremiumServer", | 175 "ThawtePremiumServer", |
| 176 "ThawtePrimaryRootCA_G2", | 176 "ThawtePrimaryRootCA_G2", |
| 177 "ThawtePrimaryRootCA_G3", | 177 "ThawtePrimaryRootCA_G3", |
| 178 "ThawtePrimaryRootCA" | 178 "ThawtePrimaryRootCA" |
| 179 ] | 179 ] |
| 180 }, |
| 181 { |
| 182 "name": "facebook", |
| 183 "static_spki_hashes": [ |
| 184 "SymantecClass3EVG3", |
| 185 "DigiCertECCSecureServerCA", |
| 186 "DigiCertEVRoot", |
| 187 "FacebookBackup" |
| 188 ] |
| 180 } | 189 } |
| 181 ], | 190 ], |
| 182 | 191 |
| 183 "entries": [ | 192 "entries": [ |
| 184 // Dummy entry to test certificate pinning. | 193 // Dummy entry to test certificate pinning. |
| 185 { "name": "pinningtest.appspot.com", "include_subdomains": true, "pins": "te
st" }, | 194 { "name": "pinningtest.appspot.com", "include_subdomains": true, "pins": "te
st" }, |
| 186 | 195 |
| 187 // (*.)google.com, iff using SSL, must use an acceptable certificate. | 196 // (*.)google.com, iff using SSL, must use an acceptable certificate. |
| 188 { "name": "google.com", "include_subdomains": true, "pins": "google" }, | 197 { "name": "google.com", "include_subdomains": true, "pins": "google" }, |
| 189 | 198 |
| (...skipping 1185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1375 { "name": "onedot.nl", "include_subdomains": true, "mode": "force-https" }, | 1384 { "name": "onedot.nl", "include_subdomains": true, "mode": "force-https" }, |
| 1376 { "name": "powerplannerapp.com", "include_subdomains": true, "mode": "force-
https" }, | 1385 { "name": "powerplannerapp.com", "include_subdomains": true, "mode": "force-
https" }, |
| 1377 { "name": "ru-sprachstudio.ch", "include_subdomains": true, "mode": "force-h
ttps" }, | 1386 { "name": "ru-sprachstudio.ch", "include_subdomains": true, "mode": "force-h
ttps" }, |
| 1378 { "name": "segu-info.com.ar", "include_subdomains": true, "mode": "force-htt
ps" }, | 1387 { "name": "segu-info.com.ar", "include_subdomains": true, "mode": "force-htt
ps" }, |
| 1379 { "name": "slattery.co", "include_subdomains": true, "mode": "force-https" }
, | 1388 { "name": "slattery.co", "include_subdomains": true, "mode": "force-https" }
, |
| 1380 { "name": "slidebatch.com", "include_subdomains": true, "mode": "force-https
" }, | 1389 { "name": "slidebatch.com", "include_subdomains": true, "mode": "force-https
" }, |
| 1381 { "name": "smartship.co.jp", "include_subdomains": true, "mode": "force-http
s" }, | 1390 { "name": "smartship.co.jp", "include_subdomains": true, "mode": "force-http
s" }, |
| 1382 { "name": "southside-crew.com", "include_subdomains": true, "mode": "force-h
ttps" }, | 1391 { "name": "southside-crew.com", "include_subdomains": true, "mode": "force-h
ttps" }, |
| 1383 { "name": "tickopa.co.uk", "include_subdomains": true, "mode": "force-https"
}, | 1392 { "name": "tickopa.co.uk", "include_subdomains": true, "mode": "force-https"
}, |
| 1384 { "name": "wieninternational.at", "include_subdomains": true, "mode": "force
-https" }, | 1393 { "name": "wieninternational.at", "include_subdomains": true, "mode": "force
-https" }, |
| 1385 { "name": "fleximus.org", "include_subdomains": true, "mode": "force-https"
} | 1394 { "name": "fleximus.org", "include_subdomains": true, "mode": "force-https"
}, |
| 1395 |
| 1396 // Facebook would like to have pinning enforced on (*.)facebook.com and |
| 1397 // HSTS enforced on specific names. We can't (yet) represent that in JSON |
| 1398 // So we're currently only applying pinning on the specific names. |
| 1399 { "name": "facebook.com", "mode": "force-https", "pins": "facebook" }, |
| 1400 { "name": "www.facebook.com", "include_subdomains": true, "mode": "force-htt
ps", "pins": "facebook" }, |
| 1401 { "name": "m.facebook.com", "include_subdomains": true, "mode": "force-https
", "pins": "facebook" }, |
| 1402 { "name": "tablet.facebook.com", "include_subdomains": true, "mode": "force-
https", "pins": "facebook" }, |
| 1403 { "name": "secure.facebook.com", "include_subdomains": true, "mode": "force-
https", "pins": "facebook" }, |
| 1404 { "name": "pixel.facebook.com", "include_subdomains": true, "mode": "force-h
ttps", "pins": "facebook" }, |
| 1405 { "name": "apps.facebook.com", "include_subdomains": true, "mode": "force-ht
tps", "pins": "facebook" }, |
| 1406 { "name": "upload.facebook.com", "include_subdomains": true, "mode": "force-
https", "pins": "facebook" }, |
| 1407 { "name": "developers.facebook.com", "include_subdomains": true, "mode": "fo
rce-https", "pins": "facebook" }, |
| 1408 { "name": "touch.facebook.com", "include_subdomains": true, "mode": "force-h
ttps", "pins": "facebook" }, |
| 1409 { "name": "mbasic.facebook.com", "include_subdomains": true, "mode": "force-
https", "pins": "facebook" }, |
| 1410 { "name": "code.facebook.com", "include_subdomains": true, "mode": "force-ht
tps", "pins": "facebook" }, |
| 1411 { "name": "t.facebook.com", "include_subdomains": true, "mode": "force-https
", "pins": "facebook" }, |
| 1412 { "name": "mtouch.facebook.com", "include_subdomains": true, "mode": "force-
https", "pins": "facebook" }, |
| 1413 { "name": "business.facebook.com", "include_subdomains": true, "mode": "forc
e-https", "pins": "facebook" }, |
| 1414 { "name": "research.facebook.com", "include_subdomains": true, "mode": "forc
e-https", "pins": "facebook" } |
| 1386 ], | 1415 ], |
| 1387 | 1416 |
| 1388 // |ReportUMAOnPinFailure| uses these to report which domain was associated | 1417 // |ReportUMAOnPinFailure| uses these to report which domain was associated |
| 1389 // with the public key pinning failure. | 1418 // with the public key pinning failure. |
| 1390 // | 1419 // |
| 1391 // DO NOT CHANGE THE ORDERING OF THESE NAMES OR REMOVE ANY OF THEM. Add new | 1420 // DO NOT CHANGE THE ORDERING OF THESE NAMES OR REMOVE ANY OF THEM. Add new |
| 1392 // domains at the END of the array. | 1421 // domains at the END of the array. |
| 1393 "domain_ids": [ | 1422 "domain_ids": [ |
| 1394 "NOT_PINNED", | 1423 "NOT_PINNED", |
| 1395 "GOOGLE_COM", | 1424 "GOOGLE_COM", |
| (...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1639 "CHROMIUM_ORG", | 1668 "CHROMIUM_ORG", |
| 1640 "CRYPTO_CAT", | 1669 "CRYPTO_CAT", |
| 1641 "LAVABIT_COM", | 1670 "LAVABIT_COM", |
| 1642 "GOOGLETAGMANAGER_COM", | 1671 "GOOGLETAGMANAGER_COM", |
| 1643 "GOOGLETAGSERVICES_COM", | 1672 "GOOGLETAGSERVICES_COM", |
| 1644 "DROPBOX_COM", | 1673 "DROPBOX_COM", |
| 1645 "YOUTUBE_NOCOOKIE_COM", | 1674 "YOUTUBE_NOCOOKIE_COM", |
| 1646 "2MDN_NET" | 1675 "2MDN_NET" |
| 1647 ] | 1676 ] |
| 1648 } | 1677 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 673313002:
net: add pins and HSTS for Facebook. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master