Le lun. 3 mai 2021 à 14:58, Titouan Rigoudy via webkit-dev < [email protected]> a écrit :
> Hi there friendly WebKittens, > > I am gearing up to ship a small first step of Private Network Access [1] > in Chromium. Roughly: > > Websites served over HTTP from public IP addresses will no longer be > allowed to make subresource fetches to private IP addresses (RFC1918 and/or > localhost). Specifically, this restriction applies to non-secure contexts. > Secure contexts are unaffected by this change. > This seems like a good move to me. To be sure to understand, private IP address servers will not be able to opt-in to be accessed by any HTTP origin. But they will be able to opt-in for specific HTTPS origins. Is it correct? We have metrics in place telling us that ~0.1% of page visits at most make > use of this feature. > Do you know whether these 0.1% happens more often in corporate networks? > > I am interested in WebKit's opinion on this matter. > > For more details, see the chromestatus entry [2] and the Intent to Ship > thread on [email protected] [3]. > > Cheers, > Titouan > > [1] https://wicg.github.io/private-network-access/ > [2] https://chromestatus.com/feature/5436853517811712 > [3] > https://groups.google.com/a/chromium.org/g/blink-dev/c/cPiRNjFoCag/m/DxEEN9-6BQAJ > _______________________________________________ > webkit-dev mailing list > [email protected] > https://lists.webkit.org/mailman/listinfo/webkit-dev >
_______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
