W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: Websockets and connections to private IPs and localhost

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 19 Mar 2015 10:01:21 +0100
Message-ID: <CADnb78g7bPyCnoe-yUkSQE+UHa8pH9HSzB24kXyp7U0FooLUaA@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Mar 19, 2015 at 9:46 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> In https://code.google.com/p/chromium/issues/detail?id=378566, the
> blink team is planning on blocking all connections to private networks
> and localhost. This is unfortunate, because (as discussed in the bug)
> this breaks a bunch of applications. I was wondering: instead of
> cutting down all accesses outright, can we make a compromise in
> allowing websockets to connect?

How is WebSocket different from CORS in that regard?

Received on Thursday, 19 March 2015 09:01:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:47 UTC