My bad, I see https://groups.google.com/a/chromium.org/g/blink-dev/c/WJnjKYY2iSs/m/Rh9HlI3lAwAJ?utm_medium=email&utm_source=footer&e=48417069 now. :)

On 2/10/25 10:13 AM, Mike Taylor wrote:

I guess this shipped without an I2S: https://chromium-review.googlesource.com/c/chromium/src/+/5923046/9#message-dc8883289c59b7f359430d7839e0d4b50feb3033. Any particular reason why?

On 10/18/24 11:53 PM, Alex Russell wrote:
It's a good proposal and if it is reformulated as an I2S, I'll approve.

Erik: lmk if i can help with paperwork there.

On Sat, Oct 19, 2024, 4:54 AM Mike Taylor <miketa...@chromium.org> wrote:

    Should this be an Intent to Ship?

    On 10/18/24 2:39 PM, 'Eric Lawrence' via blink-dev wrote:
    CL: https://chromium-review.googlesource.com/c/chromium/src/+/5923046?tab=comments


    Today, if a https://localhost:* response sets
    Strict-Transport-Security, HTTPS upgrades will be applied to all
    subsequent http://localhost requests, regardless of port.

    Localhost is inherently a secure context, and
    Strict-Transport-Security response headers received on
    https://localhost responses can cause problems because they are
    not isolated by port. This leads to compatibility problems for
    end-users who use software packages that commonly spin up
    localhost webservers for ephemeral reasons (e.g. communication
    of an auth token from a web login to a local software package).

    This is also a source of friction for web developers who test
    their applications locally for the same reason.

    I propose we resolve this problem by matching Firefox's behavior
    and ignoring HSTS headers on responses returned from localhost URLs.

    As requested, I've proposed an errata for RFC6797 to add the
    following to section 8.1.1:

    If the substring matching the host production from the
    Request-URI (of the message to which the host responded)
    syntactically matches the string "localhost" or ends with
    ".localhost", then the UA MAY choose not to note this host as a
    Known HSTS host.

-- You received this message because you are subscribed to the
    Google Groups "blink-dev" group.
    To unsubscribe from this group and stop receiving emails from
    it, send an email to blink-dev+unsubscr...@chromium.org.
    To view this discussion on the web visit
    
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/138764fe-efad-406e-b3b0-3a1a600bc8d9n%40chromium.org
    
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/138764fe-efad-406e-b3b0-3a1a600bc8d9n%40chromium.org?utm_medium=email&utm_source=footer>.
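The behaviour discussed in this thread, as an added sketch that is not Chromium's code and not part of any message above: a Known HSTS Host table keyed by host name only (so the port never enters the lookup), with and without the localhost exemption quoted from the proposed RFC 6797 erratum. `HstsStore`, `isLocalhostName`, `demo`, the ports and the URLs are hypothetical and constructed for illustration; `includeSubDomains` handling is left out.

```javascript
// Added illustration; all names here are hypothetical, not Chromium identifiers.
// RFC 6797 keys Known HSTS Hosts by host name, so one entry covers every port.

function isLocalhostName(host) {
  // The erratum's syntactic test: "localhost" or a name ending in ".localhost".
  const h = host.toLowerCase();
  return h === "localhost" || h.endsWith(".localhost");
}

class HstsStore {
  constructor({ ignoreLocalhost }) {
    this.ignoreLocalhost = ignoreLocalhost;
    this.known = new Map(); // host name -> expiry time (ms since epoch)
  }

  // Process a response header; returns true if the host was noted.
  noteResponse(responseUrl, stsHeader, now = Date.now()) {
    const url = new URL(responseUrl);
    if (url.protocol !== "https:" || !stsHeader) return false; // only honoured over HTTPS
    if (this.ignoreLocalhost && isLocalhostName(url.hostname)) return false;
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(stsHeader);
    if (!m) return false;
    const maxAge = Number(m[1]);
    if (maxAge === 0) { this.known.delete(url.hostname); return false; }
    this.known.set(url.hostname, now + maxAge * 1000); // note: no port in the key
    return true;
  }

  // Returns the URL the UA would actually load for a navigation or fetch.
  rewrite(requestUrl, now = Date.now()) {
    const url = new URL(requestUrl);
    const expiry = this.known.get(url.hostname);
    if (url.protocol === "http:" && expiry !== undefined && expiry > now) {
      url.protocol = "https:"; // an explicit non-default port is kept as-is
    }
    return url.href;
  }
}

function demo(ignoreLocalhost) {
  const store = new HstsStore({ ignoreLocalhost });
  // Constructed scenario: a dev server on 8443 sends HSTS, then a local helper
  // listens on plain-HTTP port 3000 for an auth-token callback.
  store.noteResponse("https://localhost:8443/", "max-age=31536000; includeSubDomains");
  return store.rewrite("http://localhost:3000/callback?token=example");
}
```

With `demo(false)` the callback is rewritten to `https://localhost:3000/...`, which a plain-HTTP listener cannot answer; with `demo(true)` it stays on `http:`.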