diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-06 20:18:33 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-06 20:18:33 +0000 |
| commit | 6dbfac47e4b666380d22c1337d2002a05a9d3303 (patch) | |
| tree | 91aa1a62a650b14a526c8bb56ae6d9bdecdf7448 /net/http | |
| parent | bff4507ff7d50a92f305d29feebbe47706e7c50e (diff) | |
| download | chromium_src-6dbfac47e4b666380d22c1337d2002a05a9d3303.zip chromium_src-6dbfac47e4b666380d22c1337d2002a05a9d3303.tar.gz chromium_src-6dbfac47e4b666380d22c1337d2002a05a9d3303.tar.bz2 | |
net: don't include subdomains for play.google.com HSTS.
BUG=327834
R=palmer@chromium.org
Review URL: https://codereview.chromium.org/125313002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@243153 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
| -rw-r--r-- | net/http/transport_security_state_static.h | 2 | ||||
| -rw-r--r-- | net/http/transport_security_state_static.json | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/net/http/transport_security_state_static.h b/net/http/transport_security_state_static.h index 6b01cfc..5b87861 100644 --- a/net/http/transport_security_state_static.h +++ b/net/http/transport_security_state_static.h @@ -390,7 +390,7 @@ static const struct HSTSPreload kPreloadedSTS[] = { {17, true, "\004goto\006google\003com", true, kGooglePins, DOMAIN_GOOGLE_COM }, {18, true, "\005cloud\006google\003com", true, kGooglePins, DOMAIN_GOOGLE_COM }, {18, true, "\005glass\006google\003com", true, kGooglePins, DOMAIN_GOOGLE_COM }, - {17, true, "\004play\006google\003com", true, kGooglePins, DOMAIN_GOOGLE_COM }, + {17, false, "\004play\006google\003com", true, kGooglePins, DOMAIN_GOOGLE_COM }, {20, true, "\006market\007android\003com", true, kGooglePins, DOMAIN_ANDROID_COM }, {26, true, "\003ssl\020google-analytics\003com", true, kGooglePins, DOMAIN_GOOGLE_ANALYTICS_COM }, {18, true, "\005drive\006google\003com", true, kGooglePins, DOMAIN_GOOGLE_COM }, diff --git a/net/http/transport_security_state_static.json b/net/http/transport_security_state_static.json index ad693a2..82164e3 100644 --- a/net/http/transport_security_state_static.json +++ b/net/http/transport_security_state_static.json @@ -181,7 +181,8 @@ { "name": "goto.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, { "name": "cloud.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, { "name": "glass.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, - { "name": "play.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, + // play.google.com doesn't have include_subdomains because of crbug.com/327834. + { "name": "play.google.com", "mode": "force-https", "pins": "google" }, // Other Google-related domains that must use HTTPS. { "name": "market.android.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, |