Today I deployed a static page to a custom domain using http://surge.sh . It works like a charm, but I feel something strange, so I read the guide to add custom domain again and again.
Oh, until now my dumb brain just can't figure out how surge.sh know that the domain is belong to my account! To make sure, I check the guide of Zeit Now, they do have ways to verify by random nameservers or verification code in TXT record.
What magic help surge.sh do that ?
P/S: this comment better clarify my question:
Thanks for your very detail explaination!
But the guide of surge.sh is a static site and it gives the same DNS configuration for everybody! I can complete the DNS configuration without ever logging into surge.sh . All the same:
sub.mydomain.com 3600 IN CNAME na-west1.surge.sh
In your case arte-docs.netlify.com
is specific to you. Your account obtained that subdomain before.
In my case there's nothing specific to my account. So anyone with an account could literally deploy to my domain like this:
surge . sub.mydomain.com
Disclaimer: I didn't check by another account, just curious!
Top comments (5)
Thanks for your very detail explaination!
But the guide of surge.sh is a static site and it gives the same DNS configuration for everybody! I can complete the DNS configuration without ever logging into surge.sh . All the same:
In your case
arte-docs.netlify.com
is specific to you. Your account obtained that subdomain before.In my case there's nothing specific to my account. So anyone with an account could literally deploy to my domain like this:
How to build and deploy to Surge from mobile?
No, I can't find any. Look like domains pointed to surge.sh have internal write access by anyone with an account when it should be private write access by only me (at least in first time deploy).
Hi, I think I figured out how it works! Authentication is done by checking if the e-mail of your Surge account and DNS provider is matching. So you need to use the same e-mail for both, otherwise, you will get "Aborted - you do not have permission to publish to..." I hope it helps! :)
Thanks for your answer...
It's seem inflexible to force that policy.