guile-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986

From: Maxime Devos
Subject: Re: [PATCH] Add resolve-relative-reference in (web uri), as in RFC 3986 5.2.
Date: Wed, 4 Oct 2023 00:30:05 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 


     The best prevention is not allowing redirects at all or only
     allowing redirections that keep the hostname intact -- while an
     option for much software, it isn't an option for web browsers.
Partially scratch that -- restricting to ‘keeping hostname intact’ is insufficient, because there could be a DNS record that points 'website via http' to 127.0.0.1, and hence a redirect from https://website --> http://website can change IP addresses from global Internet to local computer. 

Best regards,
Maxime Devos.

Attachment: OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]