@justinschuh: Enough to require a preflight + non-wildcard ACAO for all web->RFC1918 requests? @BRIAN_____ @fugueish @ericlaw @frgx @imelven
@mikewest @justinschuh @fugueish @ericlaw @frgx @imelven If it's truly local, the latency should be very low.
I slapped mikewest.github.io/cors-rfc1… together this morning. WDYT, @BRIAN_____ @justinschuh @fugueish @ericlaw @frgx @imelven @sleevi_ @dveditz?
@mikewest It's probably covered, but is DNS rebinding a concern? Also, what happens if attacker emails .html doc that local loads attack?
Dec 27, 2015 · 1:11 PM UTC


