You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently custom domain function is assuming a cooperative model, where domain ownership is not verified. In a more strict environment, we may want to require apps to prove ownership of the custom domain before serving the content.
Expected user flow:
A custom domain is added to the app by updating config.
User is prompted to add DNS record on the custom domain to prove ownership of domain.
User added DNS record to domain.
User run command to request server to check domain.
Server fetch DNS record and check against the expected ownership record.
Server mark the custom domain as verified if check passed.
Some implementation details:
Custom domain verification should be opt-in via a server config flag.
Current domain_association table stores the active custom domain records, so another table would be used to store domain verification related data.
Two apps can request the same domain, but only one of the app should pass.
The DNS record should be a TXT record with a server-specific prefix, e.g. abcdef._pageship.example.com "123456", where abcdef is a server-specific random string, and 123456 is an app-specific random string.
If TXT record is no longer present, the domain association should be invalidated soon.
Verification should be performed as a background job.
Let verification record has 4 possible state: 'inactive', 'pending', 'active'
When an app added a custom domain, create the corresponding verification record with initial state 'inactive'.
When an app requested verification, mark the corresponding verification record as 'pending'.
Every minute, fetch at most one 'pending' record and at most one 'active' record, that is least recently checked.
Check the DNS record for the fetched records.
If passed and state is not 'active', set it as 'active' and update domain association
If failed: set it as 'inactive' and update domain association if needed
Commands should be updated to show verification related info.
For custom domain association without corresponding verification record, they would be ignored for verification purpose and remain active, until another app attempts to verify the same domain.
If the verification passed, it is replaced by the app.
If the verification failed, it remains unchanged and active.
The text was updated successfully, but these errors were encountered:
ref #5
Currently custom domain function is assuming a cooperative model, where domain ownership is not verified. In a more strict environment, we may want to require apps to prove ownership of the custom domain before serving the content.
Expected user flow:
Some implementation details:
domain_associationtable stores the active custom domain records, so another table would be used to store domain verification related data.abcdef._pageship.example.com "123456", whereabcdefis a server-specific random string, and123456is an app-specific random string.The text was updated successfully, but these errors were encountered: