←back to thread

Google flags Immich sites as dangerous

(immich.app)
706 points janpio | 2 comments | 22 Oct 25 20:53 UTC | HN request time: 0.471s | source
Show context
arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(15): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #
CaptainOfCoit ◴[23 Oct 25 01:08 UTC] No.45677080[source]
I think it's somewhat tribal webdev knowledge that if you host user generated content you need to be on the PSL otherwise you'll eventually end up where Immich is now.

I'm not sure how people not already having hit this very issue before is supposed to know about it beforehand though, one of those things that you don't really come across until you're hit by it.

replies(3): >>45677097 #>>45677221 #>>45677257 #
1. no_wizard ◴[23 Oct 25 01:33 UTC] No.45677221[source]
I’ve been doing this for at least 15 years and it’s the first I heard of this.

Fun learning new things so often but I never once heard of the public suffix list.

That said, I do know the other best practices mentioned elsewhere

replies(1): >>45677554 #
2. foobarian ◴[23 Oct 25 02:33 UTC] No.45677554[source]
First rule of the public suffix list...