Confirmed users
299
edits
Privacy/Features/HSTS Preload List: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 29: | Line 29: | ||
Google maintains a list in their chrome source (https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json -- look for mode=force-https). We can use this list, since Google has invested in maintaining and sharing it. | Google maintains a list in their chrome source (https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json -- look for mode=force-https). We can use this list, since Google has invested in maintaining and sharing it. | ||
|Feature implementation plan=* Create mechanism to import JSON-formatted HSTS data into the permission manager | |||
* Create mechanism in the build system or release system to suck down chrome's list and scrub it | |||
** This will be in a small repo separate from the main source tree | |||
** A cron job will run a python script that will download chrome's list, reformat it to our specifications, and check it into the repo | |||
** The build/release system will grab this reformatted file and use it | |||
** Currently ssh://hg.mozilla.org/users/dkeeler_mozilla.com/sts-preload has an early version of this script and its output | |||
* Create mechanism by which URLs endpoints can be used as subscription endpoints (maybe use hidden prefs at first?) | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||