Content from loopback addresses (e.g. 127.0.0.1) should not be considered mixed content

Fixed, not yet flighted Issue #11963735

Details

Author
Birunthan M.
Created
May 10, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Standard affected
Secure Contexts

Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:

In other words, e.g. fetch('http://127.0.0.1:1234/foo/bar') on a HTTPS site should be allowed without triggering the mixed content blocker.

Note Chrome (and soon Firefox) only whitelist ‘127.0.0.1’ and '::1’. See:

Attachments

0 attachments

    Comments and activity

    • Changed Steps to Reproduce

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Ali A.”

      Changed Assigned To from “Ali A.” to “Rajat J.”

      Changed Status to “Confirmed”

      Changed Status from “Confirmed” to “In progress”

      Changed Status from “In progress” to “Fixed”

      Changed Status from “Fixed” to “Fixed, not yet flighted”

    You need to sign in to your Microsoft account to add a comment.

    Sign in