chrome/browser/resources/net_internals/domain_security_policy_view.html - chromium/src.git - Git at Google

 <style>
   #domain-security-policy-view-tab-content tt {
     word-wrap: break-word;
   }
 </style>

 <!-- HSTS/PKP/Expect-CT tab -->
 <div id=domain-security-policy-view-tab-content class=content-box>
   <!-- This UI allows a user to query and update the browser's list of
        HSTS/PKP/Expect-CT domains. -->

   <h3>HSTS/PKP</h3>

   <div class=deindent-header>
     HSTS is HTTP Strict Transport Security: a way for sites to elect to
     always use HTTPS. See <a href="https://www.chromium.org/hsts" target=_blank>
     https://www.chromium.org/hsts</a>. PKP is Public Key Pinning: a way for sites
     to "pin" themselves to particular public keys that must appear in their
     certificate chain. See
     <a href="https://tools.ietf.org/html/rfc7469" target=_blank>https://tools.ietf.org/html/rfc7469</a>.</div>

   <h4>Add HSTS/PKP domain</h4>

   <p>Input a domain name to add it to the HSTS/PKP set:</p>
   <form id=hsts-view-add-form>
     Domain: <input type=text id=hsts-view-add-input type="url"
              placeholder="example.com"><br>
     <label>Include subdomains for STS: <input type="checkbox" id=hsts-view-check-sts-input></label><br>
     <label>Include subdomains for PKP: <input type="checkbox" id=hsts-view-check-pkp-input></label><br>
     <label>Public key fingerprints: <input type=text id=hsts-view-add-pins style="width: 25em; max-width: 100%;"></label><br>
     <p style="font-size: small; color: #767676; font-style: italic; margin-left: 2em; max-width: 40em; max-width: 100%;">(public key fingerprints are comma separated and consist of the hash function followed by a foreslash and the base64 encoded fingerprint, for example <tt>sha256/7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</tt>)</p>
     <input type=submit value="Add" id=hsts-view-add-submit>
   </form>

   <h4>Query HSTS/PKP domain</h4>

   <p>Input a domain name to query the current HSTS/PKP set:</p>
   <form id=hsts-view-query-form>
     Domain: <input type=text id=hsts-view-query-input type="url"
              placeholder="example.com">
     <input type=submit value="Query" id=hsts-view-query-submit>
   </form>
   <div style="margin-top: 1em; margin-left: 2em;" id=hsts-view-query-output></div>


   <h3>Expect-CT</h3>

   <div class=deindent-header>
     Expect-CT allows sites to elect to always require valid Certificate
     Transparency information. See
     <a href="https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct" target=_blank>https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct</a>.</div>

   <h4>Add Expect-CT domain</h4>

   <p>Input a domain name to add it to the Expect-CT set. Leave Enforce unchecked
      to configure Expect-CT in report-only mode.</p>
   <form id=expect-ct-view-add-form>
     <div><label>Domain: <input type=text id=expect-ct-view-add-input type="url"
              placeholder="example.com"></label></div>
     <div><label>Report URI (optional):
       <input type=text id=expect-ct-view-add-report-uri-input type="url"
              placeholder="https://reporting.example.com/expect-ct"></label>
     </div>
     <div><label>Enforce:
       <input type="checkbox" id=expect-ct-view-check-enforce-input></label>
     </div>
     <input type=submit value="Add" id=expect-ct-view-add-submit>
   </form>

   <h4>Query Expect-CT domain</h4>

   <p>Input a domain name to query the current Expect-CT set:</p>
   <form id=expect-ct-view-query-form>
     <label>Domain: <input type=text id=expect-ct-view-query-input type="url"
              placeholder="example.com"></label>
     <input type=submit value="Query" id=expect-ct-view-query-submit>
   </form>
   <div style="margin-top: 1em; margin-left: 2em;"
     id=expect-ct-view-query-output>
   </div>

   <h4>Send test Expect-CT report</h4>

   <p>Trigger a test report to the given report URI. The report will contain a
     hostname of "expect-ct-report.test" and dummy data in other fields.</p>
   <form id=expect-ct-view-test-report-form>
     <label>Report URI: <input type=text id=expect-ct-view-test-report-uri
                               type="url"></label>
     <input type=submit value="Send" id=expect-ct-view-test-report-submit>
   </form>
   <div style="margin-top: 1em; margin-left: 2em;"
     id=expect-ct-view-test-report-output>
   </div>

   <h3>Delete domain security policies</h3>

   <p>
     Input a domain name to delete its dynamic domain security policies (HSTS,
     HPKP, and Expect-CT). (<i>you cannot delete preloaded entries</i>):
   </p>
   <form id=domain-security-policy-view-delete-form>
     <label>Domain: <input type=text id=domain-security-policy-view-delete-input
              type="url"
              placeholder="example.com"></label>
     <input type=submit value="Delete"
       id=domain-security-policy-view-delete-submit>
   </form>

 </div>
	<style>
	#domain-security-policy-view-tab-content tt {
	word-wrap: break-word;
	}
	</style>

	<!-- HSTS/PKP/Expect-CT tab -->
	<div id=domain-security-policy-view-tab-content class=content-box>
	<!-- This UI allows a user to query and update the browser's list of
	HSTS/PKP/Expect-CT domains. -->

	<h3>HSTS/PKP</h3>

	<div class=deindent-header>
	HSTS is HTTP Strict Transport Security: a way for sites to elect to
	always use HTTPS. See <a href="https://www.chromium.org/hsts" target=_blank>
	https://www.chromium.org/hsts</a>. PKP is Public Key Pinning: a way for sites
	to "pin" themselves to particular public keys that must appear in their
	certificate chain. See
	<a href="https://tools.ietf.org/html/rfc7469" target=_blank>https://tools.ietf.org/html/rfc7469</a>.</div>

	<h4>Add HSTS/PKP domain</h4>

	<p>Input a domain name to add it to the HSTS/PKP set:</p>
	<form id=hsts-view-add-form>
	Domain: <input type=text id=hsts-view-add-input type="url"
	placeholder="example.com"><br>
	<label>Include subdomains for STS: <input type="checkbox" id=hsts-view-check-sts-input></label><br>
	<label>Include subdomains for PKP: <input type="checkbox" id=hsts-view-check-pkp-input></label><br>
	<label>Public key fingerprints: <input type=text id=hsts-view-add-pins style="width: 25em; max-width: 100%;"></label><br>
	<p style="font-size: small; color: #767676; font-style: italic; margin-left: 2em; max-width: 40em; max-width: 100%;">(public key fingerprints are comma separated and consist of the hash function followed by a foreslash and the base64 encoded fingerprint, for example <tt>sha256/7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=</tt>)</p>
	<input type=submit value="Add" id=hsts-view-add-submit>
	</form>

	<h4>Query HSTS/PKP domain</h4>

	<p>Input a domain name to query the current HSTS/PKP set:</p>
	<form id=hsts-view-query-form>
	Domain: <input type=text id=hsts-view-query-input type="url"
	placeholder="example.com">
	<input type=submit value="Query" id=hsts-view-query-submit>
	</form>
	<div style="margin-top: 1em; margin-left: 2em;" id=hsts-view-query-output></div>


	<h3>Expect-CT</h3>

	<div class=deindent-header>
	Expect-CT allows sites to elect to always require valid Certificate
	Transparency information. See
	<a href="https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct" target=_blank>https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct</a>.</div>

	<h4>Add Expect-CT domain</h4>

	<p>Input a domain name to add it to the Expect-CT set. Leave Enforce unchecked
	to configure Expect-CT in report-only mode.</p>
	<form id=expect-ct-view-add-form>
	<div><label>Domain: <input type=text id=expect-ct-view-add-input type="url"
	placeholder="example.com"></label></div>
	<div><label>Report URI (optional):
	<input type=text id=expect-ct-view-add-report-uri-input type="url"
	placeholder="https://reporting.example.com/expect-ct"></label>
	</div>
	<div><label>Enforce:
	<input type="checkbox" id=expect-ct-view-check-enforce-input></label>
	</div>
	<input type=submit value="Add" id=expect-ct-view-add-submit>
	</form>

	<h4>Query Expect-CT domain</h4>

	<p>Input a domain name to query the current Expect-CT set:</p>
	<form id=expect-ct-view-query-form>
	<label>Domain: <input type=text id=expect-ct-view-query-input type="url"
	placeholder="example.com"></label>
	<input type=submit value="Query" id=expect-ct-view-query-submit>
	</form>
	<div style="margin-top: 1em; margin-left: 2em;"
	id=expect-ct-view-query-output>
	</div>

	<h4>Send test Expect-CT report</h4>

	<p>Trigger a test report to the given report URI. The report will contain a
	hostname of "expect-ct-report.test" and dummy data in other fields.</p>
	<form id=expect-ct-view-test-report-form>
	<label>Report URI: <input type=text id=expect-ct-view-test-report-uri
	type="url"></label>
	<input type=submit value="Send" id=expect-ct-view-test-report-submit>
	</form>
	<div style="margin-top: 1em; margin-left: 2em;"
	id=expect-ct-view-test-report-output>
	</div>

	<h3>Delete domain security policies</h3>

	<p>
	Input a domain name to delete its dynamic domain security policies (HSTS,
	HPKP, and Expect-CT). (<i>you cannot delete preloaded entries</i>):
	</p>
	<form id=domain-security-policy-view-delete-form>
	<label>Domain: <input type=text id=domain-security-policy-view-delete-input
	type="url"
	placeholder="example.com"></label>
	<input type=submit value="Delete"
	id=domain-security-policy-view-delete-submit>
	</form>

	</div>