Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hard-code localhost to loopback addresses. #1257

Merged
merged 3 commits into from
Jun 23, 2021
Merged

Hard-code localhost to loopback addresses. #1257

merged 3 commits into from
Jun 23, 2021

Conversation

mikewest
Copy link
Member

@mikewest mikewest commented Jun 22, 2021
edited by pr-preview bot
Loading

This patch incorporates draft-ietf-dnsop-let-localhost-be-localhost's recommendation
to hard-code resolution of *.localhost domains to 127.0.0.1 and [::1], matching
the existing behavior of both Chrome and Firefox. This change allows user agents
to ensure that localhost contexts meet the secure context requirements laid out
in https://w3c.github.io/webappsec-secure-contexts/#localhost.

See https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost
for additional detail and justification.

(See WHATWG Working Mode: Changes for more details.)

Preview | Diff

mikewest and others added 3 commits June 22, 2021 12:07
@mikewest
Hard-code localhost to loopback addresses.
ead5279 
This patch incorporates draft-ietf-dnsop-let-localhost-be-localhost's recommendation
to hard-code resolution of `*.localhost` domains to 127.0.0.1 and [::1], matching
the existing behavior of both Chrome and Firefox. This change allows user agents
to ensure that localhost contexts meet the secure context requirements laid out
in https://w3c.github.io/webappsec-secure-contexts/#localhost.

See https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-let-localhost-be-localhost
for additional detail and justification.
@mikewest
fixup whitespace
46528b9
@annevk
nits
b13ccf2
@annevk
Copy link
Member

annevk commented Jun 22, 2021

I pushed some nits. In particular I made the IPv6 address go first and used the notation without square brackets as that is reserved for inside URLs.

(This would fix #1118.)

@annevk annevk requested a review from ricea June 22, 2021 12:29
@annevk
Copy link
Member

annevk commented Jun 22, 2021

cc @fred-wang

@mikewest
Copy link
Member Author

Your nit fixes LGTM. Thanks!

@ricea
Copy link
Collaborator

ricea commented Jun 23, 2021

lgtm

@annevk annevk merged commit d20e8c9 into main Jun 23, 2021
@annevk annevk deleted the let-localhost-be-localhost branch June 23, 2021 09:15
@annevk annevk mentioned this pull request Jun 23, 2021
Closed
@annevk annevk mentioned this pull request Apr 29, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ricea ricea ricea approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikewest @annevk @ricea