heroku / roadmap

This is the public roadmap for Salesforce Heroku services.

Mitigate subdomain reuse of herokuapp.com domains #192

Closed andre5oto closed 1 year ago

andre5oto commented 1 year ago

Required Terms

What service(s) is this request for?

Heroku Domain Security

Tell us about what you're trying to solve. What challenges are you facing?

Introduce a new format for herokuapp.com domains, which includes a random identifier appended to the subdomain, to mitigate the risk of subdomain takeovers. This prevents attackers from easily impersonating the original app URL and intercepting traffic after an app is deprecated or deleted.
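As an added example (not Heroku's code and not part of the original issue), the script below models the naming scheme this request led to and shows the check a practitioner would actually want: an audit of your own DNS records for CNAMEs that still point at legacy-format herokuapp.com hostnames, the ones that could be re-registered by someone else once the original app is gone. The suffix length (12 lowercase hex characters) is inferred from the single sample hostname quoted later in this thread, and the sample zone records are constructed for the demo.

```python
"""
Added example, not Heroku's code.

Assumptions (not stated by Heroku): the new-format hostname is
<app>-<12 lowercase hex chars>.herokuapp.com, inferred from the sample
"br-y-b6480a489d97.herokuapp.com" quoted in this thread. SAMPLE_ZONE is
constructed for the demo, not a real zone.
"""
import re
import secrets

HEROKU_SUFFIX = ".herokuapp.com"
# A legacy label is just the app name; a new-format label ends in "-" plus
# 12 hex characters. Check "new" first because every new label also matches
# the legacy pattern. A legacy app name that happens to end in 12 hex chars
# would be misread as new-format; this is a heuristic, not a registry lookup.
_LEGACY_RE = re.compile(r"^[a-z][a-z0-9-]*$")
_NEW_RE = re.compile(r"^[a-z][a-z0-9-]*-[0-9a-f]{12}$")


def random_app_hostname(app_name: str) -> str:
    """Build a hostname in the new format: <app>-<12 hex chars>.herokuapp.com.

    secrets.token_hex(6) yields 6 random bytes = 12 hex chars = 48 bits, so an
    attacker cannot guess the hostname of a deleted app and re-create it.
    """
    return f"{app_name}-{secrets.token_hex(6)}{HEROKU_SUFFIX}"


def classify_heroku_hostname(hostname: str) -> str:
    """Return 'new', 'legacy' or 'other' for a (possibly FQDN-dotted) hostname."""
    host = hostname.rstrip(".").lower()
    if not host.endswith(HEROKU_SUFFIX):
        return "other"
    label = host[: -len(HEROKU_SUFFIX)]
    if not label or "." in label:
        return "other"
    if _NEW_RE.match(label):
        return "new"
    if _LEGACY_RE.match(label):
        return "legacy"
    return "other"


def find_legacy_cnames(records):
    """Audit (owner, rtype, rdata) tuples and return the CNAMEs whose target is
    a legacy-format herokuapp.com hostname, i.e. one with no random suffix that
    anyone could register again after the original app is deleted.
    """
    findings = []
    for owner, rtype, rdata in records:
        if rtype.upper() != "CNAME":
            continue
        if classify_heroku_hostname(rdata) == "legacy":
            findings.append((owner, rdata.rstrip(".").lower()))
    return findings


# Constructed sample zone for the demo (not real records).
SAMPLE_ZONE = [
    ("www.example.org.", "CNAME", "br-y.herokuapp.com."),
    ("app.example.org.", "CNAME", "br-y-b6480a489d97.herokuapp.com."),
    ("mail.example.org.", "MX", "10 mx.example.org."),
    ("old.example.org.", "CNAME", "charity-signup.herokuapp.com"),
    ("cdn.example.org.", "CNAME", "d111111abcdef8.cloudfront.net."),
]

if __name__ == "__main__":
    print("new-format hostname:", random_app_hostname("br-y"))
    for owner, target in find_legacy_cnames(SAMPLE_ZONE):
        print(f"{owner} -> {target}: legacy-format target, "
              "takeover-prone once the app is deleted")
```

The audit only looks at the shape of the target name; it does not check whether that app still exists (that would need a network lookup or the Heroku API). A legacy-format CNAME is therefore a candidate to review, not a confirmed dangling record.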

andre5oto commented 1 year ago

Feature was shipped on June 14, 2023. See changelogs: https://devcenter.heroku.com/changelog-items/2640 https://devcenter.heroku.com/changelog-items/2597

noam-honig commented 1 year ago

@andre5oto,

I wanted to say that I'm unhappy with this "feature" that changed small, readable URLs to long, cryptic ones :)

Previously I could create a website with this URL: https://br-y.herokuapp.com. Now any new website will look like this: https://br-y-b6480a489d97.herokuapp.com

I use the Heroku app URL for multiple charity apps that I write, and until now they could have a nice short URL that I could remember and could type.

Now, with the new 12-character suffix, it can't be remembered, and the URL is too long, which affects the cost of SMS messages that include the URL, etc.

If I use my own domain, it requires me to create my own SSL certificate and a lot more hassle.

For me, this makes Heroku a lot less friendly.

Would love to hear back from you.

noam-honig commented 1 year ago

@andre5oto, maybe make this optional so that I can choose whether or not I want to risk a subdomain takeover.

dsternlicht commented 1 year ago

I agree with @noam-honig this should be optional.

friism commented 1 year ago

(I work at Heroku) Assuming we made TLS and ACM freely available to Eco dynos (which we want to do), would that help address the problem? That way you could add a custom domain of your liking and get TLS on it at no extra cost.

noam-honig commented 1 year ago

> (I work at Heroku) Assuming we made TLS and ACM freely available to Eco dynos (which we want to do), would that help address the problem? That way you could add a custom domain of your liking and get TLS on it at no extra cost.

@friism, thanks for getting back to me. Adding TLS and ACM will help me, thanks for that, but I still think (as a Heroku fan) that this change increases the adoption barrier, and I believe that it should be optional.

Other providers, such as Railway and more, allow you to determine your prefix, and I really enjoy it.

Hope you'll consider that.

Any idea on the timeline for #125?