Misleading UX in HSTSPreload.org site


Eric Lawrence

Sep 30, 2021, 5:59:43 PM
to HSTS Discuss
A customer accidentally marked their site as eligible for preload and preloaded it. https://groups.google.com/u/2/a/chromium.org/g/hstspreload/c/fW7olW1JFys

The HSTSPreload.org website claims "Status: merck.com was previously rejected from the preload list for the following reason: Domain was added and removed without being preloaded."

In reality, this domain was preloaded for M94 and M95 before being removed in M96.

Is it a bug that the server claims that the domain was removed "without being preloaded"?

Nick Harper

Sep 30, 2021, 6:25:07 PM
to Eric Lawrence, HSTS Discuss
This is a bug in https://github.com/chromium/hstspreload.org/blob/8c863d498916802973bde3c55cebd466f5e215ca/api/update.go that doesn't handle the state transition from database.StatusPendingRemoval to database.StatusRemoved correctly. This bug has been around for a long time.
