(In reply to Chris Thompson from comment #49) > Thanks for flagging! I've made a note in https://crbug.com/427437805#comment4 that we are missing this and I'll get a CL up to make us match the spec. Thanks! Do we actually want to match the spec on this, though? Or do we want to just change the spec? I personally don't see any value from treating 198.18.*.* as "local machine/loopback" given that we have evidence that some routers treat that range like any other IP range (assigning addresses from it). (I think the only reason the spec gives this range special treatment is that it's technically reserved for "for use in benchmark tests of network interconnect devices" per https://datatracker.ietf.org/doc/html/rfc5735 ; but that's irrelevant to browser users when a site attempts to load a resource whose IP happens to be in this range [because a router/network-operator used this range without realizing it was reserved, or they used it *because* it was reserved and hence available-to-them]. And there's no reason that I see to consider that IP address as being loopback-like.)
Bug 1980302 Comment 51 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Chris Thompson from comment #49) > Thanks for flagging! I've made a note in https://crbug.com/427437805#comment4 that we are missing this and I'll get a CL up to make us match the spec. Thanks! Do we actually want to match the spec on this, though? Or do we want to just change the spec? I personally don't see any value from treating `198.18.*.*` as "local machine/loopback" given that we have evidence that some routers treat that range like any other IP range (assigning addresses from it). (I think the only reason the spec gives this range special treatment is that it's technically reserved for "for use in benchmark tests of network interconnect devices" per https://datatracker.ietf.org/doc/html/rfc5735 ; but that's irrelevant to browser users when a site attempts to load a resource whose IP happens to be in this range [because a router/network-operator used this range without realizing it was reserved, or they used it *because* it was reserved and hence available-to-them]. And there's no reason that I see to consider that IP address as being loopback-like.)
(In reply to Chris Thompson from comment #49) > Thanks for flagging! I've made a note in https://crbug.com/427437805#comment4 that we are missing this and I'll get a CL up to make us match the spec. Thanks! Do we actually want to match the spec on this, though? Or do we want to just change the spec? I personally don't see any value from treating `198.18.*.*` as "local machine/loopback" given that we have evidence that some routers treat that range like any other public IP range (assigning addresses from it). (I think the only reason the spec gives this range special treatment is that it's technically reserved for "for use in benchmark tests of network interconnect devices" per https://datatracker.ietf.org/doc/html/rfc5735 ; but that's irrelevant to browser users when a site attempts to load a resource whose IP happens to be in this range [because a router/network-operator used this range without realizing it was reserved, or they used it *because* it was reserved and hence available-to-them]. And there's no reason that I see to consider that IP address as being loopback-like.)