Consider treating Access-Control-Request-Private-Network a forbidden system request header
Categories
(Core :: DOM: Networking, task, P3)
Tracking
()
People
(Reporter: twisniewski, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
This header is in the web platform tests, expected to be forbidden: http://wpt.live/fetch/api/request/request-headers.any.html
It appears to be part of the Private Network Access feature Chrome is work on. https://developer.chrome.com/blog/private-network-access-update/
If we want to treat it as a forbidden header as well, then it should suffice to add it to the relevant list in https://searchfox.org/mozilla-central/source/dom/base/nsContentUtils.cpp#7453
But is this something we want to do without implementing the Private Network Access feature?
|
Reporter | |
Updated•2 years ago
|
|
||
Comment 1•2 years ago
|
||
But is this something we want to do without implementing the Private Network Access feature?
Private Network Access is not a part of nekco's roadmap for now.
Maybe it's more related to privacy team. Tim, could you comment on this?
Thanks.
|
||
Comment 2•2 years ago
|
||
Mozilla's position on private network access(Or local network access) is positive. And we have a tracking meta bug for this, Bug 1481298. I think this bug can be part of the work there. It's currently not on the anti-tracking team's roadmap as well, though.
The spec proposes modifying the Fetch spec, so I think it will be on DOM's roadmap.
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
||
Comment 3•8 months ago
|
||
This is specific to CORS-based PNA (which we aren't doing) and not relevant to its rebirth as LNA.
Description
•