Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison) from Anne van Kesteren on 2015-01-29 (public-webappsec@w3.org from January 2015)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 29 Jan 2015 11:23:35 +0100
To: Mike West <mkwst@google.com>
Cc: Joel Weinberger <jww@chromium.org>, Brian Smith <brian@briansmith.org>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CADnb78gbhHdkCBGZdD68oAGCfhg4_0kY4XHiXxnvSNx7XeMZjg@mail.gmail.com>

On Thu, Jan 29, 2015 at 11:18 AM, Mike West <mkwst@google.com> wrote:
> The only piece that isn't defined is IPv6 matching. We define IP address
> matching, it just doesn't make sense when wildcards come in. :)

Do

  http://2/

and

  http://0.0.0.2/

match?

Do

  http://0.00.0.2/

and

  http://00.0.0.2/

match?

>From my reading of the text neither worked.


-- 
https://annevankesteren.nl/

Received on Thursday, 29 January 2015 10:29:24 UTC