Local Network Access #163
Labels
from: Google
Proposed, edited, or co-edited by Google.
position: support
topic: fetch
Relates to the Fetch API
topic: networking
venue: WHATWG Fetch Workstream
venue: WICG
Proposal is incubated in the Web Incubator Community Group
WebKittens
@annevk
Title of the spec
Local Network Access (aka Private Network Access, CORS-RFC1918)
URL to the spec
https://wicg.github.io/local-network-access
URL to the spec's repository
https://github.com/wicg/local-network-access
Issue Tracker URL
No response
Explainer URL
https://github.com/WICG/local-network-access/blob/main/explainer.md
TAG Design Review URL
w3ctag/design-reviews#572
Mozilla standards-positions issue URL
mozilla/standards-positions#143
WebKit Bugzilla URL
https://bugs.webkit.org/show_bug.cgi?id=250607
Radar URL
rdar://104246665
Description
Local Network Access aims to prevent CSRF attacks against insecure devices on the local network. This is achieved by deprecating direct access to private IP addresses from public websites, and instead requiring that:
Note that we are working on adding a path for HTTPS initiators to bypass mixed content restrictions when talking to the local network, since HTTPS communications on the local network are difficult to set up and operate.
Previous requests for positions, from back in 2021:
The text was updated successfully, but these errors were encountered: