[webkit-dev] Request for opinion: Private Network Access secure context restriction
youennf at gmail.com
Mon May 3 06:37:48 PDT 2021
Le lun. 3 mai 2021 à 14:58, Titouan Rigoudy via webkit-dev <
webkit-dev at lists.webkit.org> a écrit :
> Hi there friendly WebKittens,
> I am gearing up to ship a small first step of Private Network Access 
> in Chromium. Roughly:
> Websites served over HTTP from public IP addresses will no longer be
> allowed to make subresource fetches to private IP addresses (RFC1918 and/or
> localhost). Specifically, this restriction applies to non-secure contexts.
> Secure contexts are unaffected by this change.
This seems like a good move to me.
To be sure to understand, private IP address servers will not be able to
opt-in to be accessed by any HTTP origin.
But they will be able to opt-in for specific HTTPS origins.
Is it correct?
We have metrics in place telling us that ~0.1% of page visits at most make
> use of this feature.
Do you know whether these 0.1% happens more often in corporate networks?
> I am interested in WebKit's opinion on this matter.
> For more details, see the chromestatus entry  and the Intent to Ship
> thread on blink-dev at chromium.org .
>  https://wicg.github.io/private-network-access/
>  https://chromestatus.com/feature/5436853517811712
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webkit-dev