The text in the default Intent email is derived from the position issue's labels, and https://github.com/mozilla/standards-positions/issues/143 was closed before the Mozilla folks had created the labels we're looking for. We don't have great help text in Chrome Status to help feature owners figure that out, but folks can either edit the text before sending, link to the published position itself ( https://mozilla.github.io/standards-positions/#cors-and-rfc1918) if one exists, or ask the Mozilla (or WebKit or TAG) folks to add a label.
Jeffrey On Mon, Jun 3, 2024 at 3:50 PM Mike Taylor <[email protected]> wrote: > On 6/4/24 6:26 AM, 'Kagami Rosylight' via blink-dev wrote: > > > *Gecko*: Closed Without a Position ( > https://github.com/mozilla/standards-positions/issues/143) > > It looks like it's closed with position: "worth prototyping", though? Or > is there another issue that is closed without position? > > I can see why that's confusing - it's labelled as "proposal appears > stale", but if you follow the linked PR > https://github.com/mozilla/standards-positions/pull/480 you can get to > the actual resolution. > > > On Monday, June 3, 2024 at 6:04:03 PM UTC+2 [email protected] wrote: > >> Contact emails [email protected] >> >> Explainer None >> >> Specification https://wicg.github.io/private-network-access >> >> Summary >> >> We propose to block access to IP address 0.0.0.0 in advance of PNA >> completely rolling out. Chrome is deprecating direct access to private >> network endpoints from public websites as part of the Private Network >> Access (PNA) specification ( >> https://developer.chrome.com/blog/private-network-access-preflight/). >> Services listening on the localhost (127.0.0.0/8) are considered private >> according to the specification ( >> https://wicg.github.io/private-network-access/#ip-address-space-heading). >> Chrome's PNA protection (rolled out as part of >> https://chromestatus.com/feature/5436853517811712) can be bypassed using >> the IP address 0.0.0.0 to access services listening on the localhost on >> macOS and Linux. This can also be abused in DNS rebinding attacks targeting >> a web application listening on the localhost. Since 0.0.0.0 is not used in >> practice (and should not be used), but was overlooked during >> https://chromestatus.com/feature/5436853517811712, we're deprecating it >> separately from the rest of the private network requests deprecation. This >> will be a Finch (experimental) rollout, rather than a Developer Trial. >> >> >> Blink component Blink>SecurityFeature>CORS>PrivateNetworkAccess >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> >> >> Search tags security <https://chromestatus.com/features#tags:security>, >> Private >> Network Access >> <https://chromestatus.com/features#tags:Private%20Network%20Access> >> >> TAG review None >> >> TAG review status Not applicable >> >> Chromium Trial Name PrivateNetworkAccessNullIpAddressAllowed >> >> Origin Trial documentation link https://crbug.com/1300021 >> >> WebFeature UseCounter name kPrivateNetworkAccessNullIpAddress >> >> Risks >> >> >> Interoperability and Compatibility >> >> None >> >> >> *Gecko*: Closed Without a Position ( >> https://github.com/mozilla/standards-positions/issues/143) >> >> *WebKit*: Support ( >> https://github.com/WebKit/standards-positions/issues/163) >> >> *Web developers*: No signals >> >> *Other signals*: >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> None >> >> >> Goals for experimentation >> >> Ongoing technical constraints >> >> Eventually, all private network access will be limited according to the >> developing Private Network Access spec. >> >> >> Debuggability >> >> None >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, ChromeOS, Android, and Android WebView)? Yes >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? No >> >> Flag name on chrome://flags block-null-ip-address >> >> Finch feature name PrivateNetworkAccessNullIpAddress >> >> Requires code in //chrome? False >> >> Tracking bug https://crbug.com/1300021 >> >> Estimated milestones >> Shipping on desktop 133 >> Origin trial desktop first 127 >> Origin trial desktop last 133 >> DevTrial on desktop 127 >> Shipping on Android 133 >> OriginTrial Android last 133 >> OriginTrial Android first 127 >> DevTrial on Android 127 >> Shipping on WebView 133 >> OriginTrial webView last 133 >> OriginTrial webView first 127 >> >> Link to entry on the Chrome Platform Status >> https://chromestatus.com/feature/5106143060033536 >> >> This intent message was generated by Chrome Platform Status >> <https://chromestatus.com/>. >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b0415c6-7195-4d70-b698-f8ec245e5796n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/1b0415c6-7195-4d70-b698-f8ec245e5796n%40chromium.org?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/de789612-cb7b-46fb-8b8a-03fcaf5bb4f9%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/de789612-cb7b-46fb-8b8a-03fcaf5bb4f9%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANh-dXmySfGu_uwpovcOeZ6C83LdiAaD3fm4aTOPXM6adkbz9Q%40mail.gmail.com.
