Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow http://127.0.0.1. #4

Closed
mikewest opened this issue Apr 29, 2016 · 0 comments
Closed

Allow http://127.0.0.1. #4

mikewest opened this issue Apr 29, 2016 · 0 comments

Comments

@mikewest
Copy link
Member

Currently, mixed content checks block http://127.0.0.1 from loading in a page delivered over TLS. I'm (belatedly) coming around to the idea that that restriction does more harm than good. In particular, I'll note that folks are installing new trusted roots and self-signing certs for that IP address, exposing themselves to additional risk for minimal benefit. Helpful locally installed software is doing the same, with even more associated risk.

I'd like to change MIX to use the Secure Contexts spec's notion of "potentially trustworthy" origins as opposed to toggling strictly based on the URL's protocol. This would be a normative change that would force us back to CR again. shrug Seems like it might be worth doing anyway.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mikewest