
1005 points, posted by janpio
arccy (No.45676475)
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List (https://publicsuffix.org/list/). That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site...
o11c (No.45676781)
Is that actually relevant when only images are user content?

Normally I see the PSL in context of e.g. cookies or user-supplied forms.

dspillett (No.45677246)
> Is that actually relevant when only images are user content?

Yes. For instance in circumstances exactly as described in the thread you are commenting in now and the article it refers to.

Services like Google's bad site warning system may use it to indicate that it shouldn't consider a whole domain harmful if it considers a small number of its subdomains to be so, where otherwise they would. It is no guarantee, of course.

thayne (No.45677880)
Well, using the public suffix list _also_ isolates cookies and treats the subdomains as different sites, which may or may not be desirable.

For example, if users are supposed to log in on the base account in order to access content on the subdomains, then using the public suffix list would be problematic.

dspillett (No.45679231)
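An added example, not code from the thread or from the article it discusses, of the cookie isolation thayne describes: how a cookie-aware client applies the Public Suffix List when deciding whether two subdomains are the same "site" (eTLD+1) and whether a `Domain=` cookie is accepted at all (RFC 6265 section 5.3, steps 5-6). The three-entry list below is a constructed stand-in for the real file at https://publicsuffix.org/list/public_suffix_list.dat, the entry `usercontent.example` is an assumed listing by a provider hosting user content on subdomains, and all hostnames are hypothetical.

```javascript
// Constructed stand-in for the Public Suffix List. Wildcard ("*.") and
// exception ("!") rules of the real list are omitted.
const PUBLIC_SUFFIXES = new Set([
  "com",
  "example",
  // Assumed entry: a provider serving user content on subdomains listed itself.
  "usercontent.example",
]);

function labelsOf(host) {
  return host.toLowerCase().replace(/\.$/, "").split(".");
}

// Longest suffix of host that appears on the list; an unlisted TLD falls back
// to the last label, as the PSL algorithm specifies.
function publicSuffix(host) {
  const labels = labelsOf(host);
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(candidate)) return candidate;
  }
  return labels[labels.length - 1];
}

// eTLD+1 ("registrable domain"): the public suffix plus one more label.
// Browsers use this as the "site" boundary for cookies and related privacy
// features. Returns null when host is itself a public suffix.
function registrableDomain(host) {
  const labels = labelsOf(host);
  const suffixLen = publicSuffix(host).split(".").length;
  if (labels.length <= suffixLen) return null;
  return labels.slice(labels.length - suffixLen - 1).join(".");
}

function sameSite(hostA, hostB) {
  const a = registrableDomain(hostA);
  return a !== null && a === registrableDomain(hostB);
}

// RFC 6265 section 5.3: if the Domain= attribute is a public suffix, the
// attribute is dropped (cookie becomes host-only) when it equals the request
// host and the cookie is rejected outright otherwise; if it is not a public
// suffix it must domain-match the request host.
function cookieScope(requestHost, domainAttr) {
  const host = labelsOf(requestHost).join(".");
  const domain = labelsOf(domainAttr.replace(/^\./, "")).join(".");
  if (PUBLIC_SUFFIXES.has(domain)) {
    return domain === host
      ? { accepted: true, hostOnly: true, domain: host }
      : { accepted: false, hostOnly: false, domain: null };
  }
  if (host === domain || host.endsWith("." + domain)) {
    return { accepted: true, hostOnly: false, domain };
  }
  return { accepted: false, hostOnly: false, domain: null };
}

// Would a cookie set by setterHost with this Domain= attribute be sent to otherHost?
function cookieReaches(setterHost, domainAttr, otherHost) {
  const scope = cookieScope(setterHost, domainAttr);
  if (!scope.accepted) return false;
  const other = labelsOf(otherHost).join(".");
  if (scope.hostOnly) return other === scope.domain;
  return other === scope.domain || other.endsWith("." + scope.domain);
}

// Without a PSL entry, alice.example.com and bob.example.com are one site and a
// Domain=example.com login cookie reaches both; with usercontent.example listed,
// alice.usercontent.example and bob.usercontent.example are separate sites and
// a Domain=usercontent.example cookie is rejected, so nothing is shared.
```

The second case is exactly the trade-off in the thread: the listing stops a tainted subdomain's cookies (and reputation) from spilling over to its siblings, but it also stops the parent from handing a session cookie down to them, so a login on the base host has to be carried across by some explicit token handoff instead of a shared cookie.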
Cross domain identity management is a little extra work, but it's far from a difficult problem. I understand the objection to needing to do it when a shared cookie is so easy, but if you want subdomains to be protected from each other because they do not have shared responsibility for each other then it makes sense in terms of privacy & security that they don't automatically share identity tokens and other client-side data.