letsdebug / letsdebug-toolkit

Some web-based ACME tools.
https://tools.letsdebug.net

pre-populate cert-search form with a GET param #108

Open jvanasco opened 4 weeks ago

jvanasco commented 4 weeks ago

I am leveraging links to LetsDebug in my client, and hoping to pre-populate the forms, so users can just hit "submit" once the page loads.

This works as I had hoped:

https://letsdebug.net/?domain=GET.example.com

This does not, and it would be nice if it could!

https://tools.letsdebug.net/cert-search?domain=GET.example.com

GermanCoding commented 4 weeks ago

The search tool names its parameters differently (I think because it also supports raw SQL queries):

https://tools.letsdebug.net/cert-search?m=domain&q=<domain>&d=<in the last n hours>

However, it also directly starts the search (not only pre-populating the form) right away, not sure if that's what you're looking for.

The search tool unfortunately currently suffers from crt.sh slowness, causing lots of failed searches (error messages from crt.sh's load balancer, plain timeouts...). It does usually work if you hit retry enough times, but it isn't exactly great UX. I had hoped that crt.sh's recent database migration (they moved to a different DC) would help with the load, but the SQL-based search still appears wonky.

jvanasco commented 4 weeks ago

> However, it also directly starts the search (not only pre-populating the form) right away, not sure if that's what you're looking for.

Interesting. Usually forms are guarded to only process on POST.

I'll just link to the page without a querystring arg, and let users decide to continue or not.

GermanCoding commented 4 weeks ago

> Interesting. Usually forms are guarded to only process on POST.

That's because this is not a form per se, but a Vue.js SPA. The entire form is processed client-side, there's no traditional POST'ing going on. The client SPA forms an SQL query and then uses a proxy provided by Let's Debug (as browsers can't really do PGSQL connections by themselves) to talk to crt.sh.

There's always a security consideration to these things, like CSRF and friends. This isn't really a concern for this use case though.