Closed jaime-rivas closed 7 months ago
Thank you for proposing Local Network Access and Mixed Content specification for inclusion in Interop 2024.
We wanted to let you know that this proposal was not selected to be part of Interop 2024. This is because we got many more proposals than we could include in this year's project. Note that individual vendors may nevertheless choose to advance work in this area during the forthcoming year. We would welcome this proposal being resubmitted again next year, if necessary.
For an overview of our process, see proposal selection. Thank you again for contributing to Interop 2024!
Posted on behalf of the Interop team.
Description
Local / Private Network Access: is a security mechanism to explicitly opt-in to requests from the public internet. It allows secure websites on the public internet to make requests to internal devices and servers. There are several use cases for webapps running in a web interface to call APIs on a user’s loopback address (e.g. a webapp calling a nodejs service running in the computer).
Mixed Content specification: Blink and Gecko allow secure websites to call loopback addresses. WebKit deviate from the W3C Mixed Content specification and forbid these requests as Mixed Content. They also do not implement Private Network Access, so websites might wish to redirect clients using such browsers to a plaintext HTTP version of the website, which would still be allowed by such browsers to make requests to localhost.
It would be very positive to:
Specification
https://wicg.github.io/private-network-access/
Open Issues
Gecko: https://bugzilla.mozilla.org/show_bug.cgi?id=1481298 (meta bug)
Webkit: https://bugs.webkit.org/show_bug.cgi?id=250607 (meta bug) https://bugs.webkit.org/show_bug.cgi?id=171934 (current issues with localhost) https://bugs.webkit.org/show_bug.cgi?id=250776 (current issues with localhost)
Tests
https://wpt.fyi/results/fetch/private-network-access?label=master&label=experimental&aligned
Current Implementations
Standards Positions
Blink: Implemented Gecko: Positive. https://mozilla.github.io/standards-positions/#cors-and-rfc1918 Webkit: No position
Browser bug reports
No response
Developer discussions
No response
Polls & Surveys
No response
Existing Usage
No response
Workarounds
No response
Accessibility Impact
No response
Privacy Impact
No response
Other
No response