Connections to HTTP, HTTPS or FTP servers on port 10080 will fail. This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.
Motivation
Mitigation for the NAT Slipstreaming attack: https://samy.pl/slipstream/. Preserves user confidence in the web by preventing their browser being used as a vector to attack their internal network.
Specification
Status in Chromium
Enabled by default in:
- Chrome for desktop release 91
- Chrome for Android release 91
- Android WebView release 91
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- Shipped/Shipping
- No signal
- In development
- Positive
Owner
Last updated on 2021-04-16
Comments
Spec change landed in https://github.com/whatwg/fetch/pull/1214.