Latest Updates To Accelerated Mobile Pages — What You Need To Know
Accelerated Mobile Pages are a brilliant way of browsing sites, by stripping away unnecessary content sites with AMP enabled can appear to load almost instantly. Recent changes mean that now the Google AMP cache will now serve each site from its own subdomain https://cdn.ampproject.org. This allows AMP content to be protected by the HTML5 origin, improving security. To benefit from the improved security, web developers working with AMP will need to update their CORS implementation. The AMP cache will still support existing URLs but they will soon redirect to the new URL scheme.
The Google AMP cache will begin to create subdomains that are human readable when character and technical limits allow and will resemble the publisher’s domain, The Cache will create each subdomain by:
- Converting the AMP document domain from IDN to UTF-8.
- “-” Dashes will be replaced with “–” (2 dashes)
- “.” dots will be replaced with a single “-” dash
For instance, xda-developers.com will map to xda–developers-com.cdn.ampproject.org. If technical limitations don’t allow for a human readable subdomain, a one-way hash will be used instead. Because of this CORS endpoints will start to see requests with new origins which will require you to implement the following changes.
Expand request acceptance to the new subdomain: Sites that currently only accept CORS requests from https://cdn.ampproject.org and the publisher’s own origins must update their systems to accept requests from https://[pub-com].cdn.ampproject.org, https://cdn.ampproject.org, and the AMP publisher’s own origins.
Tighten request acceptance for security: Sites that currently accept CORS requests from https://*.ampproject.org as described in the AMP spec, can improve security by restricting acceptance to requests from https://[pub-com].cdn.ampproject.org, https://cdn.ampproject.org, and the AMP publisher’s own origins. Support for https://*.ampproject.org is no longer necessary.
Support for new subdomain pattern by ads, analytics, and other technology providers: Service providers such as analytics and ads vendors that have a CORS endpoint will also need to ensure that their systems accept requests from the Google AMP Cache’s subdomains (e.g.https://ampbyexample-com.cdn.ampproject.org), in addition to their own hosts.
Haven’t enabled AMP on your site yet? Head to the link below to read our full guide on what it is and how to implement it fully!