Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
> Getting a domain listed is pretty hard.
I disagree. I've made two PRs [1] to that list to add domains where we assign subdomains to mutually untrusted parties to ensure proper cookie security for these.
Both times the turn-around times were less than a week. In my first PR I even made a small mistake, because I did not read the instructions correctly. I promptly corrected it (< 5 minutes later) and the maintainer then merged my PR like 2 minutes later.
However I properly researched what the PSL does for us and what it does not before filing the PR. Also the domains do not hold anything other than customer data (similar to github.io).
[1] https://github.com/publicsuffix/list/pulls?q=is%3Apr+author%...
Before you begin to make use of the PSL, consider some of its problems: https://github.com/sleevi/psl-problems
FWIW, the link above successfully convinced me and a coworker not to use the PSL.
Small plug for a random python tool I maintain that uses this.
Parsing domains is a pain in the ass. It can be impossible to know what is part of tld, what is a subdomain etc without a canonical list and parser.
Here's a sansio domain / tld splitter: https://github.com/theelous3/sansio-tld-parser
Usecase: you want to block all edu domains - but tlds like wa.edu.au exists - gotta parse it out.