- From: Anne van Kesteren <notifications@github.com>
- Date: Wed, 25 Sep 2024 06:20:35 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 25 September 2024 13:20:39 UTC
For 6to4 and `::ffff:0:0`, wouldn't in those cases the request leave the end user's machine and thus not present the same attack vector? I can understand still wanting to block it in case a client does do something weird or the router is not adequately protected, although technically that should not be our problem. Then furthermore, are we sure 6to4 and `::ffff:...` are the sole mechanisms or are there other ways to end up with IPv4 through IPv6? Is there an RFC perhaps that describes a function that you hand an IPv6 address and it either hands you an IPv4 if it can derive one or null? That'd be somewhat ideal to have here. cc @ricea @ekinnear @martinthomson -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1763#issuecomment-2374069474 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1763/c2374069474@github.com>
Received on Wednesday, 25 September 2024 13:20:39 UTC