Re: [secure-contexts] `*.localhost` + DNS

On Tue, May 3, 2016 at 6:22 AM, Adrian Hope-Bailie <>

> Are you saying that the intent is to not consider the actual resolved IP
> address of the host but rather the host portion of the requested URL? It
> would seem less "hacky" to have a rule that simply says, if the host
> resolves to it's secure.

​It would be less hacky to the user, but at least in Gecko there's not
currently a good path for the DOM layer that is making these security
decisions to get the resolved IP address from the networking
​. As a practical matter it would be far easier to support a flag as Mike
suggested than to rewrite a bunch of internal APIs.

-Dan Veditz

Received on Wednesday, 4 May 2016 16:17:09 UTC