W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2016

Re: [MIX] Carveout for `127.0.0.1`?

From: Mike West <mkwst@google.com>
Date: Wed, 4 May 2016 08:48:09 +0200
Message-ID: <CAKXHy=cCi6+J_Ve+RbgFuZj3C+MORUqaRHpE+RhVbtv4ieJMJA@mail.gmail.com>
To: "Nottingham, Mark" <mnotting@akamai.com>
Cc: Axel Nennker <Axel.Nennker@telekom.de>, Richard Barnes <rbarnes@mozilla.com>, Devdatta Akhawe <dev.akhawe@gmail.com>, "Eduardo' Vela <Nava>" <evn@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, May 4, 2016 at 7:42 AM, Nottingham, Mark <mnotting@akamai.com>
wrote:

> What about the rest of 128.0.0.0/8? And ::1/128 for IPv6?
>

The idea would be to use
https://www.w3.org/TR/secure-contexts/#is-origin-trustworthy as the guard
for mixed content: step 4 in that algorithm includes both these ranges.

-mike
Received on Wednesday, 4 May 2016 06:55:03 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:20 UTC