DEV Community

Khoa Che
Khoa Che

Posted on

How surge.sh handle custom domain permission ?

Today I deployed a static page to a custom domain using http://surge.sh . It works like a charm, but I feel something strange, so I read the guide to add custom domain again and again.

Oh, until now my dumb brain just can't figure out how surge.sh know that the domain is belong to my account! To make sure, I check the guide of Zeit Now, they do have ways to verify by random nameservers or verification code in TXT record.

What magic help surge.sh do that ?

P/S: this comment better clarify my question:

Thanks for your very detail explaination!

But the guide of surge.sh is a static site and it gives the same DNS configuration for everybody! I can complete the DNS configuration without ever logging into surge.sh . All the same:

sub.mydomain.com   3600   IN   CNAME   na-west1.surge.sh
Enter fullscreen mode Exit fullscreen mode

In your case arte-docs.netlify.com is specific to you. Your account obtained that subdomain before.

In my case there's nothing specific to my account. So anyone with an account could literally deploy to my domain like this:

surge . sub.mydomain.com
Enter fullscreen mode Exit fullscreen mode

Disclaimer: I didn't check by another account, just curious!

Top comments (5)

Collapse
 
voanhcuoc profile image
Khoa Che

Thanks for your very detail explaination!

But the guide of surge.sh is a static site and it gives the same DNS configuration for everybody! I can complete the DNS configuration without ever logging into surge.sh . All the same:

sub.mydomain.com   3600   IN   CNAME   na-west1.surge.sh

In your case arte-docs.netlify.com is specific to you. Your account obtained that subdomain before.

In my case there's nothing specific to my account. So anyone with an account could literally deploy to my domain like this:

surge . sub.mydomain.com
Collapse
 
bayuangora profile image
Bayu Angora

How to build and deploy to Surge from mobile?

 
voanhcuoc profile image
Khoa Che

No, I can't find any. Look like domains pointed to surge.sh have internal write access by anyone with an account when it should be private write access by only me (at least in first time deploy).

Thread Thread
 
jr22258920 profile image
Johana Rybářová • Edited

Hi, I think I figured out how it works! Authentication is done by checking if the e-mail of your Surge account and DNS provider is matching. So you need to use the same e-mail for both, otherwise, you will get "Aborted - you do not have permission to publish to..." I hope it helps! :)

Thread Thread
 
voanhcuoc profile image
Khoa Che

Thanks for your answer...

It's seem inflexible to force that policy.