Bug 676359 - Add ! and ! to PSL
Product: Core
Classification: Components
Component: Networking: Domain Lists
: unspecified
: x86 Mac OS X
: -- normal
: mozilla13
Assigned To: Jothan Frakes
: Patrick McManus [:mcmanus]
Reported: 2011-08-03 13:29 PDT by joat222
Modified: 2012-03-29 12:44 PDT


Description joat222 2011-08-03 13:29:36 PDT
User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1

Steps to reproduce:

I surfed to

Actual results:

It brought up the website

Expected results:

According to the public suffixes list at, should not be a valid domain

I think .ck should be changed as follows:
// ck :
Comment 1 joat222 2011-08-03 13:38:44 PDT
Actually I also discovered the works, so I think that its public suffix entry should be changed in a similar manner to .ck outlined already
Comment 2 Christian :Biesinger (don't email me, ping me on IRC) 2011-08-03 16:11:18 PDT
FWIW, this is not how the public suffix list works. You will always be able to browse to these hosts; public suffix only affects cookies and the like.
Comment 3 joat222 2011-08-03 16:50:52 PDT
I am not primarily concerned with navigating to that site.  I just want to be aware that such a domain is valid.
Comment 4 Jo Hermans 2011-08-03 17:48:26 PDT
It still is - the main problem for them is that they're not able to set a cookie on their own webserver (which they don't actually). And the color in the locationbar is a bit wrong.

The reason is that their name (www) looks like a top-level domain, which is supposed to be out of their control. A hypothetical website is allowed to place cookies on (for use by or, but not on itself. That's because *.ck (all second level domains) are declared a top-level-domain. That's why can't place a cookie on itself.

Gerv: maybe we should make a general exception for websites that look like a complete top-level domain. There's not even a website name here. Granted, this scheme seems only to be used by the main portal of the domain (often 'www') and/or the nic.
Comment 5 Gervase Markham [:gerv] 2011-08-15 09:07:41 PDT
I think we should make exceptions where we know about exceptions :-) if and exist, we should add them as exceptions - and any others people find.
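
The effect discussed in the comments above, as an added example that is not part of the bug thread and is not Mozilla's implementation: a wildcard rule such as `*.ck` turns every second-level name into a public suffix, and an exception rule (leading `!`) carves one name back out. The rule set is constructed for illustration, and the function names `public_suffix` and `domain_cookie_allowed` are hypothetical.

```python
# Constructed rule set in Public Suffix List syntax (assumption, for illustration).
RULES_WILDCARD_ONLY = ["*.ck", "com"]
RULES_WITH_EXCEPTION = ["*.ck", "!www.ck", "com"]


def public_suffix(host, rules):
    """Return the public suffix of host under PSL matching semantics."""
    labels = host.lower().rstrip(".").split(".")
    exceptions = {r[1:] for r in rules if r.startswith("!")}
    normal = {r for r in rules if not r.startswith("!")}

    # An exception rule beats every other rule: the public suffix is the
    # exception rule with its leftmost label removed.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in exceptions:
            return ".".join(labels[i + 1:])

    # Otherwise the longest matching rule wins; "*" matches exactly one label.
    for i in range(len(labels)):
        candidate = labels[i:]
        exact = ".".join(candidate)
        wildcard = ".".join(["*"] + candidate[1:])
        if exact in normal or (len(candidate) > 1 and wildcard in normal):
            return exact

    # Implicit default rule "*": the last label alone is the suffix.
    return labels[-1]


def domain_cookie_allowed(host, domain, rules):
    """True if host may scope a cookie to domain (Domain= attribute).

    The scope must cover the host and must not itself be a public suffix,
    otherwise unrelated sites under that suffix would share the cookie.
    """
    host = host.lower()
    domain = domain.lower().lstrip(".")
    in_scope = host == domain or host.endswith("." + domain)
    return in_scope and public_suffix(domain, rules) != domain


if __name__ == "__main__":
    for name, rules in (("wildcard only", RULES_WILDCARD_ONLY),
                        ("with exception", RULES_WITH_EXCEPTION)):
        print(name, "->", public_suffix("www.ck", rules),
              domain_cookie_allowed("www.ck", "www.ck", rules))
```
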

Comment 6 Jothan Frakes 2011-09-30 09:27:19 PDT
There is a lot of variance on the use of www itself in the manner that the .CK or .GT are doing.  There are others, and I also would suggest that the majority of the upcoming .brand new TLDs would want this functionality.  

They will also desire the ability to directly type the brand into the location bar as the URL, and have cookies set or treat the string as an apex.
Comment 7 Gervase Markham [:gerv] 2011-10-26 08:25:24 PDT
Let's not open that can of worms yet. In the meantime, if and need exceptions, can you please produce a patch to add them?

Comment 8 Gervase Markham [:gerv] 2012-02-21 09:07:11 PST

Comment 9 Ed Morley [:emorley] 2012-02-22 10:51:17 PST
Comment 11 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2012-03-05 16:40:26 PST
Is there anything QA can do to verify this fix?
