Add wildcard entries for web.core.windows.net and web.core.usgovcloudapi.net#2987
Draft
macros82 wants to merge 1 commit into
Draft
Add wildcard entries for web.core.windows.net and web.core.usgovcloudapi.net#2987macros82 wants to merge 1 commit into
macros82 wants to merge 1 commit into
Conversation
Need to adjust the entries for both web.core.windows.net & web.core.usgovcloudapi.net to properly isolate static web apps
Member
|
@macros82 please advise once the _PSL TXT records are in place Some approval factors to note:
|
Contributor
|
We previously merged these after only validating the org. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Public Suffix List (PSL) Submission
Checklist of required steps
_pslTXT record in place in the respective zone(s).Submitter affirms the following:
Abuse Contact:
Email Address: abuse@microsoft.com
URL where abuse contact or abuse reporting form can be found: https://msrc.microsoft.com/report/abuse
For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.
To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.
PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.
(Link: about propagation/expectations)
Description of Organization
Microsoft Corporation is a global leader in technology, headquartered in the United States. Its cloud platform, Azure, ranks among the world’s top cloud service providers. Guided by its mission to empower every person and every organization on the planet to achieve more, Microsoft continues to drive innovation and transformation across industries.
Organization Website:
https://www.microsoft.com/
Reason for PSL Inclusion
Promoting these two suffixes to wildcards (*.web.core.windows.net, *.web.core.usgovcloudapi.net) makes each .z.web.core. its own registrable domain, giving every storage account a clean, independent origin boundary. The primary purpose is cookie / origin security isolation between independent customer tenants. This benefits every PSL consumer (browsers, cookie libraries, CORS and same-site logic, certificate scoping). This mirrors the wildcard-only multi-tenant pattern already present in the list (e.g. *.azurecontainer.io). The flat entries are already deployed and in effect, so this change tightens isolation without expanding namespace surface.
These are PRIVATE-section domains under Microsoft-owned registrations (windows.net, usgovcloudapi.net) on Microsoft's corporate registrar; we will maintain >1 year registration term and keep the _psl TXT records in place. We are not seeking to work around any third-party limit.
Number of users this request is being made to serve: Azure currently supports millions of users.
DNS Verification