Re: [MIX] Carveout for `127.0.0.1`? from Mike West on 2016-05-04 (public-webappsec@w3.org from May 2016)

From: Mike West <mkwst@google.com>
Date: Wed, 4 May 2016 08:48:09 +0200
To: "Nottingham, Mark" <mnotting@akamai.com>
Cc: Axel Nennker <Axel.Nennker@telekom.de>, Richard Barnes <rbarnes@mozilla.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, "Eduardo' Vela <Nava>" <evn@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAKXHy=cCi6+J_Ve+RbgFuZj3C+MORUqaRHpE+RhVbtv4ieJMJA@mail.gmail.com>

On Wed, May 4, 2016 at 7:42 AM, Nottingham, Mark <mnotting@akamai.com>
wrote:

> What about the rest of 128.0.0.0/8? And ::1/128 for IPv6?
>

The idea would be to use
https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy as the guard
for mixed content: step 4 in that algorithm includes both these ranges.

-mike

Received on Wednesday, 4 May 2016 06:55:03 UTC