logoalt Hacker News

estyesterday at 4:15 AM2 repliesview on HN

It's fun and all, is there a way to safely host .html but does not allow rendering it?

CORS? sec-fetch-dest, sec-fetch-mode and sec-fetch-site ?

If storage.googleapis.com weren't operated by Google, the domain would be blocked by Google's "Safe Browsing" long time ago.

Replies

gruezyesterday at 4:22 AM

Serve it with content-type set to text/plain and browsers won't try to render it. You can try a random html file on github. If you click raw it'll get rendered as text.

show 1 reply
kccqzyyesterday at 5:13 AM

> If storage.googleapis.com weren't operated by Google, the domain would be blocked by Google's "Safe Browsing" long time ago.

Not true. You just need to make it an eTLD by adding it to the public suffix list. Only subdomains of domains on the PSL can be marked by Google’s Safe Browsing.