by fancyremarker 1165 days ago
I work at Aptible, another PaaS that follows the same host pattern you describe for providing one-off addresses when someone doesn't want to bring their own domain. The reasons you stated are both valid, along with the fact that a single domain means we don't need to _register_ new domains for every customer app.

Another note: we use `on-aptible.com` for our hosted app domains, separate from `aptible.com` for an important security reason: it is a second line of defense in avoiding cookie/CORS attacks (the first line of defense being setting cookies we control in a single subdomain and avoiding wildcards for CORS).

A related important measure for a PaaS using a single domain for subdomains owned by different accounts is to register that domain on the Public Suffix List [0], which prevents "supercookies" being set across these separately-owned subdomains.

[0] https://publicsuffix.org/
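The Public Suffix List point above is easier to see in code. The block below is an added example written for this page, not Aptible's code: a minimal model of how an RFC 6265 user agent that honours the PSL decides whether to accept a `Set-Cookie` `Domain` attribute (section 5.3) and to which hosts the stored cookie is later sent (section 5.1.3 domain matching). The PSL entries, hostnames and the `apps.aptible.com` layout used for contrast are all constructed for the example.

```javascript
'use strict';
// Added example (not Aptible's code): a minimal model of RFC 6265 cookie
// Domain handling in a PSL-aware user agent. The PSL below is a constructed
// subset; the real list is at https://publicsuffix.org/.

// Canonicalize a host or Domain attribute: lower-case, drop a leading dot
// (Domain=.example.com is still common) and a trailing dot.
function canon(name) {
  return name.toLowerCase().replace(/^\./, '').replace(/\.$/, '');
}

// RFC 6265 section 5.1.3: host domain-matches domain when they are equal or
// host ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// RFC 6265 section 5.3 steps 4-6. Returns {domain, hostOnly} for an accepted
// cookie, or null when the user agent ignores the whole Set-Cookie header.
function acceptedCookie(requestHost, domainAttr, publicSuffixes) {
  const host = canon(requestHost);
  if (!domainAttr) return { domain: host, hostOnly: true }; // no Domain: host-only
  const domain = canon(domainAttr);
  if (publicSuffixes.has(domain)) {
    // A public suffix may only be used by the suffix host itself, and then the
    // Domain attribute is ignored (host-only cookie); any other host is rejected.
    return domain === host ? { domain: host, hostOnly: true } : null;
  }
  if (!domainMatches(host, domain)) return null; // cannot set cookies for other sites
  return { domain, hostOnly: false };
}

// Whether a stored cookie is attached to a request for targetHost.
function cookieSentTo(cookie, targetHost) {
  const target = canon(targetHost);
  return cookie.hostOnly ? target === cookie.domain : domainMatches(target, cookie.domain);
}

// Can a cookie set by setterHost with the given Domain attribute reach
// victimHost? This is the cross-tenant "supercookie" question.
function crossTenantLeak(setterHost, domainAttr, victimHost, publicSuffixes) {
  const cookie = acceptedCookie(setterHost, domainAttr, publicSuffixes);
  return cookie !== null && cookieSentTo(cookie, victimHost);
}

// Constructed PSL subsets: before and after registering on-aptible.com.
const PSL_WITHOUT = new Set(['com']);
const PSL_WITH = new Set(['com', 'on-aptible.com']);

// Tenant A tries to plant a cookie that tenant B's app will receive.
console.log('unregistered shared domain, leak:',
  crossTenantLeak('app-a.on-aptible.com', 'on-aptible.com', 'app-b.on-aptible.com', PSL_WITHOUT));
console.log('shared domain on the PSL, leak:',
  crossTenantLeak('app-a.on-aptible.com', 'on-aptible.com', 'app-b.on-aptible.com', PSL_WITH));
// Contrast: hosting tenants under the corporate domain would let a tenant
// set a cookie that the operator's own dashboard receives.
console.log('tenant under aptible.com reaches dashboard:',
  crossTenantLeak('app-a.apps.aptible.com', 'aptible.com', 'dashboard.aptible.com', PSL_WITH));
console.log('tenant under on-aptible.com reaches dashboard:',
  crossTenantLeak('app-a.on-aptible.com', 'on-aptible.com', 'dashboard.aptible.com', PSL_WITHOUT));
```

Two things the run makes concrete: the PSL entry is what stops a `Domain=on-aptible.com` cookie from being accepted at all, and the separate registrable domain is what keeps any tenant cookie, even one that is accepted, from ever domain-matching `*.aptible.com`. Real browsers also apply rules this model omits (cookie prefixes, `Secure`, `SameSite`, the public-suffix check's exact edge cases), so treat it as the shape of the logic, not a reference implementation.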