Content from loopback addresses (e.g. should not be considered mixed content

In progress Issue #11963735 • Assigned to Rajat J.


Birunthan M.
May 10, 2017
This issue is public.
Found in
  • Microsoft Edge
Standard affected
Secure Contexts

Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

According to the spec, content from loopback addresses should no longer
be treated as mixed content even in secure origins. See:

In other words, e.g. fetch('') on a HTTPS site should be allowed without triggering the mixed content blocker.

Note Chrome (and soon Firefox) only whitelist ‘’ and '::1’. See:


0 attachments

    Comments and activity

    • Changed Steps to Reproduce

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”

      Changed Assigned To to “Venkat K.”

      Changed Assigned To from “Venkat K.” to “Ali A.”

      Changed Assigned To from “Ali A.” to “Rajat J.”

      Changed Status to “Confirmed”

      Changed Status from “Confirmed” to “In progress”

    You need to sign in to your Microsoft account to add a comment.

    Sign in