Added several more domains to cubecraft.xml.

[martafolf]

Added several HTTPS domains for cubecraft.net.

Added status page redirect for HTTPS on there as well.

[martafolf]

Seems CI is having issues connect to the git repos it needs to complete the checks, hmm.

[fuglede]

This one has a typo (cubecrTaft). Otherwise LGTM.

[martafolf]

Ouch! Thanks for noticing that! :)

[jeremyn]

@marcoslater Are you still interested in working on this?

[martafolf]

@jeremyn Thanks for reminding me of this. I manage that domain, so I do intend to keep updating it. Let me add the latest subdomain to the mix.

There's only one subdomain keeping us from site-wide HSTS, at the moment. :(

[jeremyn]

No problem, thanks for working with us.

• This ruleset has multiple problems. Please update it to look like this:

<!--
	Invalid certificate:
		status.cubecraft.net

-->
<ruleset name="CubeCraft">
	<target host="cubecraft.net" />
	<target host="www.cubecraft.net" />
	<target host="appeals.cubecraft.net" />
	<target host="bb.cubecraft.net" />
	<target host="cdn.cubecraft.net" />
	<target host="jobs.cubecraft.net" />
	<target host="reports.cubecraft.net" />
	<target host="staff.cubecraft.net" />
	<target host="status.cubecraft.net" />
	<target host="store.cubecraft.net" />
	<target host="store-assets.cubecraft.net" />

	<securecookie host=".+" name=".+" />

	<rule from="^http://status\.cubecraft\.net/"
		to="https://cubecraft.statuspage.io/" />

	<rule from="^http:" to="https:" />
</ruleset>

This fixes the following problems:

• Indents with tabs instead of spaces to match our style guide, see here.
• Adds a comment describing the problem with https://status.cubecraft.net .
• Removes the wildcard target, which we discourage. See our style guide linked above.
• Removes tests, which aren't needed here without the wildcard target. The tests also had multiple problems: tests should almost always be http, not https; tests should match targets, so the https://cubecraft.statuspage.io test here wasn't appropriate.
• Adds targets.
• Sorts targets in our preferred way: in alphabetical order starting from the top level domain at the right reading left, moving ^ and www to the top of their group. For example:

example.com
www.example.com
a.example.com
www.a.example.com
b.a.example.com
b.example.com
example.net
www.example.net
a.example.net

• Adds general securecookie.
• Fixes misspelling in the rewrite rule here.

The remaining concerns are:

• Is https://swc.cubecraft.net something you care about? It's getting a Cloudflare error with both HTTPS and plain HTTP, so I'm not sure if it should be added or not. We don't normally add targets that are broken when we check them. Answer is "no", so we can leave this off.
• We like to squash-and-merge rulesets, which means we combine and rewrite commits in your name. Is that all right with you for this and any other pull requests you submit to us?
• Also, when I squash-and-merge, I'd like to delete your individual commit messages. Is that all right?
• https://api.cubecraft.net question in Added several more domains to cubecraft.xml. #6038 (comment). Answered by Added several more domains to cubecraft.xml. #6038 (comment).

[martafolf]

Didn't realise I screwed that one up that badly.

Changed it to reflect your version, also added api.cubecraft.net, as that is used in various places on those pages. (once logged in, at least.)

swc.cubecraft.net was delegated to a third party, clearly they do not intend to keep hold of that. Removed it from our DNS. (Query NS directly if you wish to verify this.)

Feel free to modify my commits however you like.

[jeremyn]

Thanks, that's fine.

For https://api.cubecraft.net , is there a URL for this subdomain we can access without logging in that gets a 200 or 3xx? I don't like to include targets without at least one working domain (see the discussion in #7662).

[jeremyn]

Also don't worry about "screwing it up". Some of my first pull requests here had trouble too. Our documentation could definitely be improved.

[martafolf]

@jeremyn RE: API not having a 200, check / now. :)

[jeremyn]

Thanks, merged.

If/when you get everything HSTS preloaded, feel free to submit another pull request to delete this ruleset. Generally we want all the domains in a ruleset to be preloaded in the stable versions of Firefox, Chrome/ium, and Tor before we delete that ruleset. See #7126 for an extended discussion.

[martafolf]

I am working towards that goal with our last provider, which has a subdomain (status) that does not have HTTPS capabilities. Once done, I can enable HSTS preloading and let you know.

[martafolf]

@jeremyn cubecraft.net is now pending submission to preload list. :)

[jeremyn]

Great!