CORS-RFC1918: CORS restrictions on internet-to-intranet connections.

We'll begin requiring servers on a user's machine (127.0.0.1) or intranet (as defined by RFC1918) to explicitly opt in to connections originating from the public internet. Hopefully, this will mitigate the risks associated with unintentional exposure of devices and servers on a client’s internal network to the web at large.

Specification

Editor's draft

Status in Chromium

Blink


In developer trial (Behind a flag) (tracking bug) in:

  • Chrome for desktop release 87

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signal
  • No signals

Owners

Intent to Prototype url

Intent to Prototype thread

Last updated on 2020-10-25