[Webkit-unassigned] [Bug 160504] Localhost subdomains don't work

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 6 13:46:50 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=160504

--- Comment #11 from Marcin Rataj <lidel at lidel.org> ---
This continues to pose a challenge for IPFS gateway implementations that require Origin isolation (https://specs.ipfs.tech/http-gateways/subdomain-gateway/).

The lack of subdomain support on localhost specifically impacts macOS Safari users, preventing them from achieving per-website Origin isolation and reducing their overall security. Examples in https://github.com/ipfs/in-web-browsers/issues/206

Not supporting localhost subdomain functionality in WebKit introduces a risk for end users, 
particularly in web applications and PWAs that store sensitive user data in localStorage scoped per Origin.

Firefox and Chromium do not encounter this issue since they now bind localhost to the loopback
and bypass the DNS resolver provided by the operating system.
As a result, their users can load websites from the local gateway, where each website has its own Origin:
http://en.wikipedia-on-ipfs.org.ipns.localhost:8080/wiki/
http://bafybeiaysi4s6lnjev27ln5icwm6tueaw2vdykrtjkwiphwekaywqhcjze.ipfs.localhost:8080/wiki/

-- 
You are receiving this mail because:
You are the assignee for the bug.
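
The Origin isolation described in the comment above, as an added example that is not part of the original message or of any IPFS or WebKit code. It groups gateway URLs by Origin to show which content roots would share one localStorage scope; the two path-style `http://localhost:8080/ipfs/...` and `/ipns/...` URLs and all function names are assumptions, constructed here for contrast.

```javascript
// Added illustration. The first two URLs come from the comment above; the
// path-style URLs are constructed for contrast and are not from the message.
const CID = "bafybeiaysi4s6lnjev27ln5icwm6tueaw2vdykrtjkwiphwekaywqhcjze";
const SAMPLE_URLS = [
  "http://en.wikipedia-on-ipfs.org.ipns.localhost:8080/wiki/",
  `http://${CID}.ipfs.localhost:8080/wiki/`,
  "http://localhost:8080/ipns/en.wikipedia-on-ipfs.org/wiki/", // constructed
  `http://localhost:8080/ipfs/${CID}/wiki/`,                   // constructed
];

// Return "namespace:identifier" for the content root a local gateway URL
// serves, or null if the URL is not a recognised local gateway URL.
function contentRoot(url) {
  const u = new URL(url);
  const sub = u.hostname.match(/^(.+)\.(ipfs|ipns)\.localhost$/);
  if (sub) return `${sub[2]}:${sub[1]}`;
  const path = u.pathname.match(/^\/(ipfs|ipns)\/([^/]+)/);
  if (path && u.hostname === "localhost") return `${path[1]}:${path[2]}`;
  return null;
}

// Map each Origin (scheme + host + port) to the set of content roots it serves.
// localStorage is partitioned by Origin, so roots in one set share storage.
function storageScopes(urls) {
  const scopes = new Map();
  for (const url of urls) {
    const root = contentRoot(url);
    if (root === null) continue;
    const origin = new URL(url).origin;
    if (!scopes.has(origin)) scopes.set(origin, new Set());
    scopes.get(origin).add(root);
  }
  return scopes;
}

// Report Origins where more than one content root shares a storage scope.
function sharedScopes(urls) {
  return [...storageScopes(urls)]
    .filter(([, roots]) => roots.size > 1)
    .map(([origin, roots]) => ({ origin, roots: [...roots].sort() }));
}

for (const { origin, roots } of sharedScopes(SAMPLE_URLS)) {
  console.log(`${origin} is shared by: ${roots.join(", ")}`);
}
```

With subdomain URLs each site gets its own Origin; the only collision reported is on `http://localhost:8080`, where both path-style sites land.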