Posted by John Coiner, Software Engineer
Today we are announcing a change to the domain scheme of the Google AMP
Cache.
Beginning soon, the Google AMP Cache will serve each site from its own subdomain
of https://cdn.ampproject.org
. This change will allow content
served from the Google AMP Cache to be protected by the fundamental security
model of the web: the HTML5
origin.
No immediate changes are required for most publishers of AMP documents. However, to benefit from the additional security, it is recommended that all AMP publishers update their CORS implementation in preparation for the new Google AMP Cache URL scheme. The Google AMP Cache will continue to support existing URLs, but those URLs will eventually redirect to the new URL scheme.
The subdomains created by the Google AMP Cache will be human-readable when character limits and technical specs allow, and will closely resemble the publisher's own domain.
When possible, the Google AMP Cache will create each subdomain by first
converting the AMP document domain from IDN (punycode) to UTF-8. Every "-"
(dash) will be replaced with "--"(2 dashes) and every "." (dot) will be replaced
with a "-" (dash). For example, pub.com
will map to
pub-com.cdn.ampproject.org
. Where technical limitations prevent a
human readable subdomain, a one-way hash will be used instead.
Due to the changes described above, CORS endpoints will begin seeing requests with new origins. The following updates will be required:
https://cdn.ampproject.org
and the publisher's own origins must update their systems to accept requests
from https://[pub-com].cdn.ampproject.org
,
https://cdn.ampproject.org
, and the AMP publisher's own origins.
https://*.ampproject.org
as
described in the AMP spec,
can improve security by restricting acceptance to requests from
https://[pub-com].cdn.ampproject.org
,
https://cdn.ampproject.org
, and the AMP publisher's own origins.
Support for https://*.ampproject.org
is no longer necessary.
https://ampbyexample-com.cdn.ampproject.org
), in addition to their own
hosts. For platforms that display AMP documents and serve from the Google AMP Cache, the best way to retrieve Google AMP Cache URLs is to continue using the Google AMP Cache URL API. The Google AMP Cache URL API will be updated in Q1 2017 to return the new cache URL scheme that includes the subdomain.
You can use an interactive tool to find the Google AMP Cache subdomain generated for each site over at ampbyexample.com.
Google Search is planning to begin using the new URL scheme as soon as possible and is monitoring sites' compatibility.
In addition, a developer testing sandbox is available at g.co/ampdemo/cache to help ensure a smooth transition. After making the updates described above, please use the sandbox to test accessing your site via Google Search. The sandbox loads AMP pages using the new domain scheme, so if you spot CORS-related errors in this configuration, these issues should be addressed to avoid errors when the domain scheme change is fully rolled out.