User Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1
Steps to reproduce:
i surfed to www.ck
it brought up the website www.ck
According to the public suffixes list at http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1, www.ck should not be a valid domain
I think .ck should be changed as follows:
// ck : http://en.wikipedia.org/wiki/.ck
Actually I also discovered the www.gt works, so I think that its public suffix entry should be changed in a similar manner to .ck outlined already
FWIW, this is not how the public suffix list works. You will always be able to browse to these hosts; public suffix only affects cookies and the like.
I am not primarily concerned with navigating to that site. I just want to be aware that such a domain is valid.
It still is - the main problem for them is that they're not able to set a cookie on their own webserver (which they don't actually). And the color in the locationbar is a bit wrong.
The reason is that their name (www) looks like a top-level domain, which is supposed to be out of their control. A hypothetical example.co.ck website is allowed to place cookies on example.co.ck (for use by www1.example.co.ck or www2.example.co.ck), but not on co.ck itself. That's because *.ck (all second level domains) are declared a top-level-domain. That's why www.ck can't place a cookie on ww.ck itself.
Gerv: maybe we should make a general exception for websites that look like a complete top-level domain. There's not even a website name here. Granted, this scheme seems only to be used by the main portal of the domain (often 'www') and/or the nic.
I think we should make exceptions where we know about exceptions :-) if www.ck and www.gt exist, we should add them as exceptions - and any others people find.
There is a lot of variance on the use of www itself in the manner that the .CK or .GT are doing. There are others, and I also would suggest that the majority of the upcoming .brand new TLDs would want this functionality.
They will also desire the ability to directly type the brand into the location bar as the URL, and have cookies set or treat the string as an apex.
Let's not open that can of worms yet. In the mean time, if www.ck and www.gt need exceptions, can you please produce a patch to add them?
Is there anything QA can do to verify this fix?