Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Lovable to public_suffix_list.dat #2379

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Lovable to public_suffix_list.dat #2379

wants to merge 3 commits into from
+5 −0

Conversation

fabhed
Copy link

@fabhed fabhed commented Feb 5, 2025
edited
Loading

Public Suffix List (PSL) Submission

Checklist of required steps

  • Description of Organization

  • Robust Reason for PSL Inclusion

  • DNS verification via dig

  • Each domain listed in the PRIVATE section has and shall maintain at least two years remaining on registration, and we shall keep the _psl TXT record in place in the respective zone(s).

Submitter affirms the following:

  • We are listing any third-party limits that we seek to work around in our rationale such as those between IOS 14.5+ and Facebook (see Issue #1245 as a well-documented example)
  • This request was not submitted with the objective of working around other third-party limits.
  • The submitter acknowledges that it is their responsibility to maintain the domains within their section. This includes removing names which are no longer used, retaining the _psl DNS entry, and responding to e-mails to the supplied address. Failure to maintain entries may result in removal of individual entries or the entire section.
  • The Guidelines were carefully read and understood, and this request conforms to them.
  • The submission follows the guidelines on formatting and sorting.
  • A role-based email address has been used and this inbox is actively monitored with a response time of no more than 30 days.

Abuse Contact: [email protected]

  • Abuse contact information (email or web form) is available and easily accessible.

    URL where abuse contact or abuse reporting form can be found: https://lovable.dev/abuse

For PRIVATE section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

  • Yes, I understand. I could break my organization's website cookies and cause other issues, and the rollback timing is acceptable. Proceed anyways.

Description of Organization

Lovable is a software company that builds AI-powered developer tools, with a primary focus on helping users generate websites and applications through natural language instructions. The company provides a platform that streamlines the web development process by allowing users to describe their needs in plain English and automatically receive a functional web application.

Lovable operates in the AI and developer tooling space, and its platform is actively used by developers, businesses, and non-technical users looking to generate web applications quickly and efficiently.

The submitter of this request is the CTO and Co-founder at Lovable.

Organization Website:
https://lovable.dev

Reason for PSL Inclusion

Lovable provides managed hosting for user-generated web applications under subdomains of lovable.app (for production) and lovableproject.com (for development). Inclusion in the PRIVATE section of the PSL is necessary to ensure proper security and domain handling, specifically:

  • Cookie Security: Without inclusion in the PSL, browsers may treat lovable.app and lovableproject.com as a single-origin domain, potentially allowing cookies to be shared between different user subdomains. This presents a security risk, as one user’s site could access another user’s cookies. Inclusion in the PSL ensures that each subdomain is treated as a separate site, preventing cross-user cookie access.
  • Browser and Platform Compatibility: Many platforms and services (e.g., Chrome, Firefox, Let’s Encrypt, Cloudflare) use the PSL to define domain boundaries. Listing lovable.app and lovableproject.com in the PSL ensures compatibility with modern security policies.

Lovable commits to maintaining its _psl DNS TXT records and ensuring ongoing compliance with PSL guidelines.

Number of users this request is being made to serve:
Currently hundreds of thousands of users.

DNS Verification

@fabhed fabhed marked this pull request as ready for review February 6, 2025 10:46
@simon-friedberger
Copy link
Contributor

@fabhed Can you qualify your hundreds of thousands of users, please? Are these paid accounts? How many people are actually hosting an active site there and not just temporarily before moving it to their own domain?

@fabhed
Copy link
Author

fabhed commented Feb 6, 2025
edited
Loading

@fabhed Can you qualify your hundreds of thousands of users, please? Are these paid accounts? How many people are actually hosting an active site there and not just temporarily before moving it to their own domain?

Sure. The "hundreds of thousands of users" is referring to the number of users on our platform in total. We have >22k active subscribers. Everyone gets a preview subdomain by default, in total 62k unique users have explicitly published a project under the subdomain.

Hope that helps. @simon-friedberger

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fabhed @simon-friedberger