Comment by robocat
6 years ago
Security flaw? Surely some entity is squatting youtube on some TLD?!
If there is a country TLD of X where Google owns google.X but entity Y owns youtube.X then entity Y gets the X-CLIENT-DATA header information. See usage of IsValidHostName() in code.
Note this would be a privacy flaw which is not covered by the Chrome Rewards program (which only covers security flaws) so I haven’t bothered logging it as a bug since I don’t want to waste my time verifying it for nothing!
https://chromium.googlesource.com/chromium/src/+/master/docs...
like youtube.vg that is available ?