Re: [whatwg/fetch] Consider shifting the "bad port list" to an allowlist. (#1189) from Adam Rice on 2021-03-09 (public-webapps-github@w3.org from March 2021)

From: Adam Rice <notifications@github.com>
Date: Tue, 09 Mar 2021 07:06:00 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1189/794017955@github.com>

A preflight could protect vulnerable endpoints, but it couldn't protect vulnerable middleboxes, because in the Slipstream attack the server is also malicious and so can handle the preflight correctly.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1189#issuecomment-794017955

Received on Tuesday, 9 March 2021 15:06:12 UTC