Re: [whatwg/url] Addressing HTTP servers over Unix domain sockets (#577) from Jeremy Impson on 2025-01-22 (public-webapps-github@w3.org from January 2025)

From: Jeremy Impson <notifications@github.com>
Date: Tue, 21 Jan 2025 22:42:09 -0800
To: whatwg/url <url@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/url/issues/577/2606418305@github.com>

Allowing use of DNS to resolve a URI to a Unix Domain Socket path sounds like a wonderful gift to hand to malevolent actors. Convincing a user to click a link that resolves to a well-known UDS-based service would become commonplace. Regardless of what any RFC says, a URI referring to local resources should  look significantly different from one referring to external resources, so that no person and no legacy or naive code could be confused about what transport mechanism is involved in accessing the resource in question.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/url/issues/577#issuecomment-2606418305
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/url/issues/577/2606418305@github.com>

Received on Wednesday, 22 January 2025 06:42:13 UTC