Allow servers that block port 80 to preload #47
Comments
|
I think that's reasonable, and I expect we'll implement it in the future. However, very few sites (like, 1 every few months) ask to be preloaded without allowing connections on port 80. In general, I think it is good to keep enforcing a common best practice. If you have such a site, I'm happy to verify the other requirements and add it manually for now. |
|
@lgarron Thank you! No, I don't have such a site to preload. It's just a suggestion that came up to my mind when I saw a website that did so. |
|
Cool. :-) The tracking bug for this is in the project for the core library; I'll close this bug in favor of that one: chromium/hstspreload#74 |
|
Got another email about this today. Let's keep this open as a feature request for automated submission. |
|
Another one today. (Just commenting to keep track of cadence.) |
|
And yesterday 3 domains ;-) |
|
There have been a lot more requests for this as of the last few weeks, so I spent the time to implement this, and preloading without port 80 now supported. |
The second requirement says: "Redirect from HTTP to HTTPS on the same host." I'd like to suggest changing it to "redirect from HTTP to HTTPS on the same host, or don't allow connections to port 80". The reason is that some servers may want to completely block plaintext HTTP if the domain is not visited by users directly (such as image, JavaScript hosting domains).
The text was updated successfully, but these errors were encountered: