W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2016

Re: `localhost` as Secure Context, take 2 (was Re: CfC: Transition "Secure Contexts" to CR; deadline August 2nd.)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Thu, 29 Sep 2016 08:01:08 +0200
To: Melvin Carvalho <melvincarvalho@gmail.com>, Mike West <mkwst@google.com>
Cc: Brad Hill <hillbrad@gmail.com>, Jake Archibald <jakearchibald@google.com>, Erik Nygren <erik+w3@nygren.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "www-tag@w3.org List" <www-tag@w3.org>, Dan Veditz <dveditz@mozilla.com>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <6c003042-8b66-647a-3992-235c27c08efa@gmail.com>
On 2016-09-29 01:20, Melvin Carvalho wrote:
>
<snip>
>
> I currently use my browser to connect to localhost (via http and https).  A couple of questions:
>
> 1. Is this spec something that affects user agents today, or something in future.  Id love to hear a short description of how.
>
> 2. Is there an easy workaround?  For example could I alias my localhost to be called another domain name via /etc/hosts or using a CNAME that tunnels through my firewall (which I think would work for me at home but not when im traveling).  Or is there a flag to switch it off in the user agents settings.
>

I second these questions although they really only represent the tip of a much bigger ice-berg:

https://bugs.chromium.org/p/chromium/issues/detail?id=614658

Anders
Received on Thursday, 29 September 2016 06:01:42 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:57 UTC