Connections to HTTP, HTTPS or FTP servers on port 10080 will fail. This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.

Motivation

Mitigation for the NAT Slipstreaming attack: https://samy.pl/slipstream/. Preserves user confidence in the web by preventing their browser being used as a vector to attack their internal network.

Specification

Editor's draft

Status in Chromium

Internals>Network


Enabled by default in:

  • Chrome for desktop release 91
  • Chrome for Android release 91
  • Android WebView release 91

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • No signal
  • In development
  • Positive

Owner

Comments

Spec change landed in https://github.com/whatwg/fetch/pull/1214.

Last updated on 2021-05-04