Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

App verification does not work when eTLD not in publicsuffixlist #3844

Open
langurmonkey opened this issue Sep 10, 2024 · 5 comments
Open

App verification does not work when eTLD not in publicsuffixlist #3844

langurmonkey opened this issue Sep 10, 2024 · 5 comments

Comments

@langurmonkey
Copy link

langurmonkey commented Sep 10, 2024
edited
Loading

My app uses an App ID that contains a domain and a subdomain (de.uni_heidelberg.zah.GaiaSky), but when I start the verification process the subdomain seems to be ignored:

Verify your app ID to indicate that your Flathub upload is approved by the app developer. You'll need to prove that you have control of the app via a website on the app's domain or by checking access to the app's account on a source code hosting site. The verified badge will be shown alongside the app name, publisher name, and the way that the app ID was verified.
Create a page at https://uni-heidelberg.de/.well-known/org.flathub.VerifiedApps.txt containing the following token:

Obviously, I don't control uni-heidelberg.de.

I've followed flathub/flathub#4943 and #3259 (both fixed), but the fix seems to work only for suffixes in a PSL, so arbitrary subdomains in the App ID are not really included.
Should this be working with subdomains also? If not, is there a way to have it verified manually?

More context: flathub/de.uni_heidelberg.zah.GaiaSky#57
@bbhtt
Copy link
Contributor

bbhtt commented Sep 10, 2024

The problem seems to be that uni-heidelberg.de is not in public suffix list https://publicsuffix.org/list/public_suffix_list.dat, so the library being used to calculate the domain for verification is returning the toplevel uni-heidelberg.de instead of zah.uni-heidelberg.de

@bbhtt
Copy link
Contributor

bbhtt commented Sep 10, 2024

The owner of uni-heidelberg.de can submit it to PSL https://publicsuffix.org/submit/ then supposedly it should return the correct domain.

@langurmonkey
Copy link
Author

langurmonkey commented Sep 11, 2024
edited
Loading

The owner of uni-heidelberg.de can submit it to PSL https://publicsuffix.org/submit/ then supposedly it should return the correct domain.

I'm afraid this is not gonna happen, unfortunately. I'll try to contact the university computing center, but in the case of a negative answer, would it be possible to verify manually?

@bbhtt
Copy link
Contributor

bbhtt commented Sep 12, 2024
edited
Loading

It's possible yes, but there are some other apps affected too whose top level domain is not in PSL

@langurmonkey
Copy link
Author

Should I send an email to the admins to get verified manually, as suggested in the docs?

@bbhtt bbhtt mentioned this issue Oct 2, 2024
Closed
@bbhtt bbhtt mentioned this issue Nov 13, 2024
Closed
5 tasks
@bbhtt bbhtt changed the title App verification with subdomain App verification does not work when eTLD not in publicsuffixlist Nov 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@langurmonkey @bbhtt