-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include 0.0.0.0 in the same group à 127.0.0.0/8 #24
Comments
Per https://en.wikipedia.org/wiki/0.0.0.0 it seems we could also attempt to define that in the context of browsers this results in a network error. |
That seems like a very reasonable outcome to me. |
Where would be the right place to specify that behavior across browsers? I'm not sure this spec is a natural fit. |
I've been thinking Fetch, also for https://tools.ietf.org/html/draft-west-let-localhost-be-localhost. (It'll need to say things about DNS anyway for state partitioning efforts.) |
Per #30, we will consider |
On Linux and MacOS, trying to connect to
0.0.0.0
actually connects to the local machine. This can be used for DNS rebinding attacks. As a consequence 0.0.0.0 should be included in the same group à 127.0.0.0/8 (i.e. private or local).The text was updated successfully, but these errors were encountered: