Clarify requirement prohibiting subdomains

freedomofpress · Sep 3, 2024 · 8f92af6 · 8f92af6
1 parent 4ed2583
commit 8f92af6
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/docs/admin/deployment/landing_page.rst b/docs/admin/deployment/landing_page.rst
@@ -140,10 +140,11 @@ let us know and we can remove your instance from the directory.
 URL and Location
 ----------------
 
-Ideally you would not use a separate subdomain, but would use a path at
-your top-level domain, e.g. organization.com/securedrop. This is because
-TLS does not encrypt the hostname, so a SecureDrop user whose connection
-is being monitored would be trivially discovered.
+Your *Landing Page* must be a path at your top-level domain, e.g. 
+organization.com/securedrop, rather than a subdomain (e.g., 
+securedrop.organization.com). This is because TLS does not encrypt the hostname,
+so a SecureDrop user whose connection is being monitored would be trivially
+discovered if you were to use a subdomain.
 
 If the *Landing Page* is deployed on the same domain as another site, you
 might consider having some specific configuration (such as the security