- From: Matt Menke <notifications@github.com>
- Date: Tue, 09 Mar 2021 06:22:14 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 9 March 2021 14:22:27 UTC
Once a PAC script is injected, it can make requests for http://some_host:80/ to http://local.domain:<forbidden_port> by setting that as a proxy for those requests, bypassing both the port blacklist and any additional webby security features around connections to local IPs.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1189#issuecomment-793961829
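An added example, not part of the original message or of any browser's code: a check a client or reviewer could run over the string a PAC script's FindProxyForURL returns, flagging proxy directives that point at a blocked port or a local address literal. The port set is a small subset of the Fetch bad-port list, and the default ports and all function names are assumptions of this example.

```javascript
// Subset of the Fetch "bad ports" list, kept short for illustration.
const BLOCKED_PORTS = new Set([22, 25, 110, 143, 6000]);
// Assumed defaults when a directive omits the port.
const DEFAULT_PORTS = new Map([["PROXY", 80], ["HTTP", 80], ["HTTPS", 443],
  ["SOCKS", 1080], ["SOCKS4", 1080], ["SOCKS5", 1080]]);

// Split "PROXY host:port; SOCKS5 host; DIRECT" into structured directives.
function parseDirectives(pacResult) {
  return pacResult.split(";").map((s) => s.trim()).filter(Boolean).map((entry) => {
    const [type, target = ""] = entry.split(/\s+/);
    const scheme = type.toUpperCase();
    if (scheme === "DIRECT") return { scheme };
    const m = /^(\[[^\]]+\]|[^:\s]+)(?::(\d+))?$/.exec(target);
    if (!m || !DEFAULT_PORTS.has(scheme)) return { scheme, malformed: true };
    const port = m[2] ? Number(m[2]) : DEFAULT_PORTS.get(scheme);
    return { scheme, host: m[1].toLowerCase(), port };
  });
}

// True for loopback, RFC 1918 and link-local literals. Hostnames such as
// local.domain must be resolved first; resolution is out of scope here.
function isLocalLiteral(host) {
  if (host === "localhost" || host.endsWith(".localhost") || host === "[::1]") return true;
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 127 || a === 10 || (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

// One finding per proxy directive that targets a blocked port or a local address.
function auditPacResult(pacResult) {
  const findings = [];
  for (const d of parseDirectives(pacResult)) {
    if (d.scheme === "DIRECT") continue;
    const reasons = [];
    if (d.malformed) reasons.push("malformed");
    else {
      if (BLOCKED_PORTS.has(d.port)) reasons.push("blocked-port");
      if (isLocalLiteral(d.host)) reasons.push("local-address");
    }
    if (reasons.length) findings.push({ ...d, reasons });
  }
  return findings;
}

// Constructed sample return values from FindProxyForURL.
for (const sample of ["PROXY 127.0.0.1:25; DIRECT", "PROXY proxy.example.com:8080"]) {
  console.log(sample, "->", JSON.stringify(auditPacResult(sample)));
}
```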