Content from loopback addresses (e.g. 127.0.0.1) should not be considered mixed content

In progress Issue #11963735 • Assigned to Rajat J.

Open new issue

Browse all tracked issues

Details

Author
Birunthan M.
Created
May 10, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Standard affected
Secure Contexts

Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:

In other words, e.g. fetch('http://127.0.0.1:1234/foo/bar') on a HTTPS site should be allowed without triggering the mixed content blocker.

Note Chrome (and soon Firefox) only whitelist ‘127.0.0.1’ and '::1’. See:

Attachments

0 attachments

    Comments and activity

    • Birunthan M. May 10, 2017 2017-05-10T17:09:06.38Z

      Changed Steps to Reproduce

    • Microsoft Edge Team

      Steven K. May 11, 2017 2017-05-11T16:42:22.48Z

      Changed Assigned To to “Steven K.”

      OSG V. Jun 13, 2017 2017-06-13T03:13:38.607Z

      Changed Assigned To to “Venkat K.”

      Venkat K. Jun 13, 2017 2017-06-13T22:19:56.27Z

      Changed Assigned To from “Venkat K.” to “Ali A.”

      Ali A. Jun 26, 2017 2017-06-26T17:35:09.01Z

      Changed Assigned To from “Ali A.” to “Rajat J.”

      Ali A. Jun 26, 2017 2017-06-26T17:35:09.01Z

      Changed Status to “Confirmed”

      Rajat J. Jun 27, 2017 2017-06-27T20:57:10.627Z

      Changed Status from “Confirmed” to “In progress”

    You need to sign in to your Microsoft account to add a comment.

    Sign in