New connections and port blocking #889
Labels
Comments
annevk
added
security/privacy
|
And #1191 (comment). |
|
I think so. But I'm not sure what to do when a failure happens at that level. |
|
I was looking at the algorithm in Fetch and it seemed that if "obtain a connection" did the check nothing would really change in terms of observable behavior. Although it depends a bit on whether we'd still do CSP checks if we decided the port was blocked. As written though you could be forgiven for thinking both would run. A notable exception here is WebSocket connections, which is why I tried to tackle that. But I would also be okay with having the check in both places. The failure would surface the same way as a DNS failure. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When opening a new connection, should port blocking be consulted? Otherwise
Alt-Svcand maybe other features can be used to circumvent it.cc @whatwg/security
The text was updated successfully, but these errors were encountered: