- From: Adam Rice <notifications@github.com>
- Date: Wed, 03 Feb 2021 23:21:44 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 4 February 2021 07:21:56 UTC
I strongly think that 10080 should not be on the restricted list as we have significant evidence of use for HTTP servers, and the protocol is UDP-only so it's not exploitable via HTTP 1 or 2. My assumption is that QUIC provides sufficient guard against untrusted content that it can't be used to exploit UDP NAT algorithms. I removed 554 from the restricted list for Chrome, but I no longer have confidence that it is safe. If it gets added here I will go through the normal intent process to see if we can block it without too much damage to users. I support addressing these two ports in a follow-up. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1148#issuecomment-773092269
Received on Thursday, 4 February 2021 07:21:56 UTC