W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 29 Jan 2015 10:54:31 +0100
Message-ID: <CADnb78jXXM_khTBYfU8a7c-fpwsw6v_UD2+0-Rmr4KsDD2QOCw@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Joel Weinberger <jww@chromium.org>, Brian Smith <brian@briansmith.org>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jan 29, 2015 at 10:46 AM, Mike West <mkwst@google.com> wrote:
> For me, the question is whether the window has already closed in which we
> could have created such a restriction. Given that we've been shipping with
> IPv4 support for ~2 years, it wouldn't surprise me if applications had come
> to depend in one way or another on the behavior.

Given that nothing else outlaws public IP addresses we probably want
to support them in the long term. The main problem is the parsing and
comparison not being defined in sufficient detail.

Received on Thursday, 29 January 2015 09:54:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:45 UTC