Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private Network Access (aka CORS-RFC1918) permission to relax mixed content #751

Closed
1 task done
iVanlIsh opened this issue Jun 28, 2022 · 1 comment
Closed
1 task done
Assignees
Labels
Resolution: satisfied The TAG is satisfied with this design Review type: CG early review An early review of general direction from a Community Group

Comments

@iVanlIsh
Copy link

Wotcher TAG!

I'm requesting a TAG review of Private Network Access permission to relax mixed content.

A new permission to relax mixed content restrictions for private network resources while secure context restriction enabled on public websites which initialed request to private network.

  • Explainer: [url]
  • Security and Privacy self-review: [url]
  • GitHub repo: [url]
  • Primary contacts (and their relationship to the specification):
    • Yifan Luo (@iVanlIsh), Google, specifier / implementer
    • Titouan Regoudy (@letitz), Google, specifier / implementer ( on leave )
    • Mike West (@mikewest), Google, original specifier / implementer
  • Organization driving the design: Google
  • External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): https://chromestatus.com/guide/edit/5954091755241472

Further details:

You should also know that...

The major part of the spec has already been reviewed in #572
Here we forced on permission part to relax mixed content restrictions.

We'd prefer the TAG provide feedback as :

🐛 open issues in our GitHub repo for each point of feedback

@iVanlIsh iVanlIsh added Progress: untriaged Review type: CG early review An early review of general direction from a Community Group labels Jun 28, 2022
@ylafon
Copy link
Member

ylafon commented Jul 26, 2022

With @hadleybeeman @torgo and @maxpassion we reviewed this in our F2F. The only clarification needed is if/how the ipv6 case is handled, but otherwise it looks good to us.

To point 1 of the security & privacy self-review, any proxying from the local network is a risk that the owner accepts when setting it up, and most probably something that the prompt would be enough to alert the owner.

Thanks for flying TAG!

@ylafon ylafon closed this as completed Jul 26, 2022
@ylafon ylafon added the Resolution: satisfied The TAG is satisfied with this design label Jul 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Resolution: satisfied The TAG is satisfied with this design Review type: CG early review An early review of general direction from a Community Group
Projects
None yet
Development

No branches or pull requests

4 participants