Re: [secure-contexts] `*.localhost` + DNS

On Wed, May 4, 2016 at 8:59 AM, Adrian Hope-Bailie
<adrian@hopebailie.com> wrote:
>> This violates expectations for users:
>
> What users and on what basis?
>
> If the "users" are developers then are you suggesting they don't understand
> that there is a difference between localhost and 127.0.0.1?
>
> We always need to balance good security approaches with pandering to the
> stupidity of users and I think that line can be drawn in a different place
> when the users are explicitly Web developers.

I don't think we need to call people "stupid" for not realizing that
localhost and 127.0.0.1 can be different. We also don't need to
satisfy every expectation when there are good reasons not to.

Jeffrey

Received on Wednesday, 4 May 2016 16:54:52 UTC