How we built it

CORS restrictions on internet-to-intranet connections.

We'll begin requiring servers on a user's machine (127.0.0.1) or intranet (as defined by RFC1918) to explicitly opt-in to connections originating from the public internet. Hopefully, this will mitigate the risks associated with unintentional exposure of devices and servers on a client’s internal network to the web at large.

Specification

Editor's draft

Status in Chromium

In development (launch bug)

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • No signals

Owner

Last updated on 2016-02-29