search

sendgrid / docs

Repository of Twilio SendGrid's product documentation.
https://sendgrid.com/docs
MIT License
235 stars 967 forks source link

Link Branding doesn't work with HSTS domains #5496

Closed cilliemalan closed 3 years ago

cilliemalan commented 5 years ago

Expected content

Perhaps there should be something in the documentation noting that link branding doesn't utilize https and thus won't work for HSTS domains where IncludeSubdomains is set. If one were to enable link branding with a hsts domain the links would be unusable and would only show a security error page when clicked.

This problem may be mitigated by not specifying IncludeSubdomains for sites on the top level domain. However, if IncludeSubdomains is already set with the recommended expiry of 6 months or if preload is specified, it would probably be too late already.

Actual content

N/A

Link to page: https://sendgrid.com/docs/ui/account-and-settings/how-to-set-up-link-branding/

kylearoberts commented 5 years ago

@cilliemalan

Sorry you ran into trouble with this. To get link branding to work with HSTS you need to use a CDN to hand the certificate handoffs. I would recommend taking a look at the docs here.

sopelt commented 4 years ago

@kylearoberts having a CDN works ... in times of letsencrypt ... sendgrid could handle SSL termination as well?! Just a thought ;)

puco commented 4 years ago

Or maybe a check before setting up the link branding. If you can verify DNS records you can also ping to see if there is a HSTS header present.