[whatwg/fetch] Hard-code `localhost` to loopback addresses. (#1257)

This patch incorporates draft-ietf-dnsop-let-localhost-be-localhost's recommendation
to hard-code resolution of `*.localhost` domains to 127.0.0.1 and [::1], matching
the existing behavior of both Chrome and Firefox. This change allows user agents
to ensure that localhost contexts meet the secure context requirements laid out
in https://w3c.github.io/webappsec-secure-contexts/#localhost.

See https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost
for additional detail and justification.

<!--
Thank you for contributing to the Fetch Standard! Please describe the change you are making and complete the checklist below if your change is not editorial.
-->

- [X] At least two implementers are interested (and none opposed):
   * Chrome ships this mapping.
   * Firefox does as well.
- [ ] [Tests](https://github.com/web-platform-tests/wpt) are written and can be reviewed and commented upon at:
   * I don't think we can test this via WPT, as we can't ensure that a server is running on loopback addresses on the machine from which tests are being executed.
- [X] [Implementation bugs](https://github.com/whatwg/meta/blob/main/MAINTAINERS.md#handling-pull-requests) are filed:
   * Chrome: https://crbug.com/691930
   * Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1220810
   * Safari: https://bugs.webkit.org/show_bug.cgi?id=171934

(See [WHATWG Working Mode: Changes](https://whatwg.org/working-mode#changes) for more details.)

You can view, comment on, or merge this pull request online at:

  https://github.com/whatwg/fetch/pull/1257

-- Commit Summary --

  * Hard-code `localhost` to loopback addresses.

-- File Changes --

    M fetch.bs (20)

-- Patch Links --

https://github.com/whatwg/fetch/pull/1257.patch
https://github.com/whatwg/fetch/pull/1257.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1257