- From: David Barratt <notifications@github.com>
- Date: Wed, 15 Aug 2018 16:21:28 +0000 (UTC)
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 15 August 2018 16:21:51 UTC
sure it does! but it also has a username/password. With this change, I wouldn't be able to pass an `Authorization` or a `Cookie` header, so there would be no way to access it anyways. Another security risk to a completely open intranet site, is that I could have a user download a _portable_ native application onto their computer, then I have unrestricted access to every intranet site. This again, is why corporations have additional protections on their intranet site, and why my router requires a password on it's site. Sure, there might be some old old routers that don't, but that's _already_ a huge security vulnerability that should be fixed anyways. My point is, is that the browser is unnecessarily protecting intranet sites and giving a false sense of security. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/787#issuecomment-413250669
Received on Wednesday, 15 August 2018 16:21:51 UTC