Re: Restrict loopback address to Secure Contexts?

On Tue, Sep 27, 2016 at 6:37 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> My 2c: it is just plain weird to allow a seemingly powerful feature
> like connecting to localhost from http sites (insecure contexts) but
> block it from https sites (secure contexts). So, I am all for allowing
> that.

That really depends on whether it is secure or not, no? If we want to
establish trust in HTTPS and distrust in HTTP, copying insecure
features from HTTP to HTTPS would be a bad move.


-- 
https://annevankesteren.nl/

Received on Tuesday, 27 September 2016 07:44:47 UTC