←back to thread

Google flags Immich sites as dangerous

(immich.app)
706 points janpio | 1 comments | 22 Oct 25 20:53 UTC | HN request time: 0.208s | source
Show context
arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(15): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #
1. 827a ◴[23 Oct 25 01:55 UTC] No.45677341[source]
They aren't hosting user content; it was their pull request preview domains that was triggering it.

This is very clearly just bad code from Google.