Intent to prototype & ship: Treat localhost addresses as "Potentially Trustworthy"
Skip to first unread message
Oct 21, 2020, 3:35:22 AM10/21/20
Reply to author
Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Report message as abuse
Sign in to report message as abuse
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
I'm going to try and land a patch for bug 1220810 today, which makes
localhost addresses secure contexts. It seems there were attempts to
land this change 7 months ago and again 3 months ago, but I can't find
any intent email, so I'm sending this one.
Summary: Ensure that localhost addresses resolve to a loopback address,
thereby ensuring that we can safely treat `http://localhost/` and
`http://*.localhost/` as "Potentially Trustworthy". This addresses
various bug reports from developers and aligns with specifications.
Preference: This will ship enabled by default (existing
network.proxy.allow_hijacking_localhost preference can be used to
disable the hardcoded loopback address and resolve proxy for localhost
but I think it's mostly for internal testing).