trailofbits/twa

Disable "www" checks for subdomains

sobolevn opened this issue · 3 comments

Thanks for this wonderful tool!
Works like a charm, but.

I am using a domain like some.mysite.com for my web app, twa continues to add www. prefix to it, and surely fails.

So, it really affects the final score and CI process.
Can we please have an option to skip www. checks for subdomains?

I'm unable to replicate this issue, are you using the latest twa release? I've tested against a few domain names I own with subdomains and everything worked fine. Also, make sure you are running twa without the -w flag.

For example: twa google.com This should test the domain without adding www.

Example: twa -w google.com This WILL add the www. subdomain to the test.

Yeah, this is probably a confusion surrounding the -w flag -- you should never pass -w unless you want twa to test both domain.com and www.domain.com.

Leaving open just in case there's a genuine bug here.

Yeap, that was -w.

I would say that this is a documentation issue.
I have totally missed this argument in the examples.

Thanks for guiding me!