[webkit-dev] Request for opinion: Private Network Access secure context restriction
Titouan Rigoudy
titouan at google.com
Mon May 3 05:57:18 PDT 2021
Hi there friendly WebKittens,
I am gearing up to ship a small first step of Private Network Access [1] in
Chromium. Roughly:
Websites served over HTTP from public IP addresses will no longer be
allowed to make subresource fetches to private IP addresses (RFC1918 and/or
localhost). Specifically, this restriction applies to non-secure contexts.
Secure contexts are unaffected by this change.
We have metrics in place telling us that ~0.1% of page visits at most make
use of this feature.
I am interested in WebKit's opinion on this matter.
For more details, see the chromestatus entry [2] and the Intent to Ship
thread on blink-dev at chromium.org [3].
Cheers,
Titouan
[1] https://wicg.github.io/private-network-access/
[2] https://chromestatus.com/feature/5436853517811712
[3]
https://groups.google.com/a/chromium.org/g/blink-dev/c/cPiRNjFoCag/m/DxEEN9-6BQAJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20210503/59195a3b/attachment.htm>
More information about the webkit-dev
mailing list