net/http/transport_security_state_static.json - Issue 673313002: net: add pins and HSTS for Facebook.

Unified Diff: net/http/transport_security_state_static.json

Issue 673313002: net: add pins and HSTS for Facebook. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Refresh patch. Created 6 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/transport_security_state_static.json

diff --git a/net/http/transport_security_state_static.json b/net/http/transport_security_state_static.json

index 06ad36173bb1d3c42a9fb5489fe9d2fa06c71e2b..f9be643fdf0bff5c1d76a5122782970bb6c277b5 100644

--- a/net/http/transport_security_state_static.json

+++ b/net/http/transport_security_state_static.json

@@ -177,6 +177,15 @@

"ThawtePrimaryRootCA_G3",

"ThawtePrimaryRootCA"

]

+ },

+ {

+ "name": "facebook",

+ "static_spki_hashes": [

+ "SymantecClass3EVG3",

+ "DigiCertECCSecureServerCA",

+ "DigiCertEVRoot",

+ "FacebookBackup"

+ ]

}

@@ -1382,7 +1391,27 @@

{ "name": "southside-crew.com", "include_subdomains": true, "mode": "force-https" },

{ "name": "tickopa.co.uk", "include_subdomains": true, "mode": "force-https" },

{ "name": "wieninternational.at", "include_subdomains": true, "mode": "force-https" },

- { "name": "fleximus.org", "include_subdomains": true, "mode": "force-https" }

+ { "name": "fleximus.org", "include_subdomains": true, "mode": "force-https" },

+ // Facebook would like to have pinning enforced on (*.)facebook.com and

+ // HSTS enforced on specific names. We can't (yet) represent that in JSON

+ // So we're currently only applying pinning on the specific names.

+ { "name": "facebook.com", "mode": "force-https", "pins": "facebook" },

+ { "name": "www.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "m.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "tablet.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "secure.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "pixel.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "apps.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "upload.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "developers.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "touch.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "mbasic.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "code.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "t.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "mtouch.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "business.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },

+ { "name": "research.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" }

// |ReportUMAOnPinFailure| uses these to report which domain was associated

« no previous file with comments | « net/http/transport_security_state_static.certs ('k') | no next file » | no next file with comments »