[w3ctag/design-reviews] CORS-RFC1918 (#572)

Hi there friendly TAG members,

I'm requesting a TAG review of CORS-RFC1918.

CORS-RFC1918 is a web specification which aims to protect websites accessed over the private network (either on localhost or a private IP address) from malicious cross-origin requests.

  - Explainer: https://github.com/WICG/cors-rfc1918/blob/master/explainer.md

  - Security and Privacy self-review: https://github.com/WICG/cors-rfc1918/blob/master/security_privacy_self_review.md

  - GitHub repo: https://github.com/WICG/cors-rfc1918/

  - Primary contacts (and their relationship to the specification):
     - Titouan Rigoudy (@letitz), Google, specifier / implementer
     - Mike West (@mikewest), Google, original specifier / implementer
  - Organization driving the design: Google
  - External status/issue trackers for this feature:
    - https://chromestatus.com/feature/5436853517811712 for the secure context restriction
    - https://chromestatus.com/feature/5733828735795200 for the whole shebang

Further details:

  - [x] I have reviewed the TAG's [API Design Principles](https://w3ctag.github.io/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): WICG
  - The group where standardization of this work is intended to be done ("unknown" if not known): WHATWG, I think?
  - Existing major pieces of multi-stakeholder review or discussion of this design: https://github.com/WICG/cors-rfc1918/issues/

  - Major unresolved issues with or opposition to this design: none
  - This work is being funded by: Google

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/572