[ad_1]
With the launch of Chrome 69, Google has decided to remove the subdomains "www" and "m" from the URL displayed in the address bar of Chrome. For example, when a user visits www.bleepingcomputer.com, the website will be removed and displayed as bleepingcomputer.com in the address bar.
When this was discovered, users and security experts expressed concern that this new behavior would create confusion for users who might think they were going to a particular site, but could made to be completely different. In addition, because of bugs in this implementation, the string "www" could be incorrectly removed and thus display an incorrect URL in the address bar.
Chrome is now hiding "trivial" subdomains in the URL bar (www[.]field[.]com only shows the domain[.]com). This is totally wrong, and buggy like hell: / https://t.co/D1KlquA09V
– x0rz (@ x0rz) September 7, 2018
As stated by a Chrome developer in the behavior bug report, the www and m (for mobile) subdomains are classified by Google as "trivial" subdomains because they believe that most
"Subdomains reappear when editing the URL for users to type the correct. They disappear in the case of stable display because this is not information that most users should be concerned in the rare cases where www.foo.com is not the same thing as foo.com (note: this will not please almost all real-world users; configure your server like this seems bad movement even though it's technically legal because people will access the wrong thing, and this has been true for some time and regardless of changes to the Chrome UI.
There are several real bugs here though:
www.www.2ld.tld should become www.2ld.tld, not 2ld.tld (we should delete at most one m and www.)
subdomain.www.domain.com should be left as is, not under domain.domain.com (should only remove prefixes) "
For many users, however, this logic does not make sense because domain.com does not always go to the same site as www.domain.com and will only confuse users.
"It's a stupid change, no part of a domain should be considered" trivial. "As an ISP, we often have to go to great lengths to teach users that" www.domain.com " and "domaine.com" are two: The marketing world has done a lot of hard work to convince people that "www" is both ubiquitous and non-essential, whereas in fact, for some areas, the use or lack of this can be very important to get to the right place. "
Another example given in the bug report was that the www.pool.ntp.org address is a website, while the stripped URL appears in Chrome under the name pool.ntp.org, which is a random NTP server.
"How are you going to distinguish http://www.pool.ntp.org vs http://pool.ntp.org?
One will take you to the project website, the other goes to a random ntp server. "
Finally, another commentator shows how the string "www" can be removed incorrectly and thus displays an incorrect URL due to bugs in the implementation.
"Enter the address bar:
http://www.example.www.example.com
This shortens it:
exemple.exemple.com
WTF? How www.example.www.example.com === example.example.com? "
How Chrome 69 decides to strip a subdomain
From the Chromium source code, Chrome 69 has a function called IsTrivialSubdomain () that checks whether a subdomain is "www" or "m". If the subdomain is "www", the function returns true, and if Chrome is used on Android or iOS, returns true for subdomain "m".
If the function returns true, Chrome removes the subdomain from the URL when it is displayed in the address bar.
private:
static bool IsTrivialSubdomain (subdomain base :: StringPiece) {
if (subdomain == "www")
returns true
#if defined (OS_ANDROID) || defined (OS_IOS)
// Eliminate the "m" subdomain on Desktop can be confusing because users
He usually wants to know if they are involuntarily on the mobile site.
if (subdomain == "m")
return true;
#end if
return false;
}How to stop skinning trivial subdomains
Because of the confusion and potential security risks of this new feature, it is suggested that users disable the removal of trivial subdomains. To disable the removal of trivial subdomains, follow these steps:
- Open the Chrome browser and enter chrome: // flags / # omnibox-ui-hide-stable-url-scheme-and-subdomains in the address bar. Then press Enter.
- Chrome will open a page displaying the "Omnibox UI Hide Steay-State URL Scheme and Trivial Subdomains" setting. Change these settings to disabled.
- The browser will then display a prompt that you need to restart the browser for the setting to take effect. Click on the "Now restart"button and the browser will restart.
- Now that the setting is off, you will see the complete addresses of the site you are visiting in the address bar, as shown below.
Full addresses are displayed again in the Chrome 69 address bar
[ad_2]
Source link
