[Webkit-unassigned] [Bug 171934] Content from loopback addresses (e.g. 127.0.0.1) should not be considered mixed content
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 15 20:18:03 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=171934
--- Comment #29 from homakov <homakov at gmail.com> ---
>I fail to understand the rationale to block localhost here.
Antoine, you must be new here :) Arguments have no power in the land of this ticket.
This is "Mr Proskuryakov against the world" thread. After getting dozens of reasons to make a sane default or at least follow the spec, even after getting a direct endorsement by a security expert like me, that it is indeed totally fine and safe (I fail to see he has any understanding of threat modeling and web security), nothing's changed.
Now I keep this URL in my "this is why safari sucks" collection and to give websec friends a good laugh.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180816/4f941acd/attachment-0001.html>
More information about the webkit-unassigned
mailing list