.
1. If the initiating origin has been granted the local
network access permission, return null.
2. If the initiating origin has been denied the local network
@@ -667,62 +677,51 @@ Update [[FETCH]] as follows:
2. If the user denies the permission, return |error|.
1. Return null.
- 1. The [$fetch$] algorithm is amended to add 2 new steps right after request’s
- policy container is set:
+ 1. The [$fetch$] algorithm is amended to add 2 new steps right after |request|’s
+ [=request/policy container=] is set:
- 1. If |request|’s target IP address space is null:
+ 1. If |request|’s [=request/target IP address space=] is null:
- 1. If |request|’s URL’s host *host* is an IP address and the result
- of running the determine the IP address space algorithm on *host* is
- “local”, then set *request*’s target IP address space property to
- “local”.
- 2. If |request|’s URL’s host’s public suffix is `"local"`, then set
- |request|’s target IP address space property to `"local"`.
+ 1. If |request|’s [=request/URL=]’s [=url/host=] *host* is an [=IP address=]
+ and the result of running the [=determine the IP address space=] algorithm
+ on *host* is [=IP address space/local=], then set *request*’s
+ [=request/target IP address space=] to [=IP address space/local=].
+ 2. If |request|’s [=request/URL=]’s [=url/host=]’s [=host/public suffix=] is
+ `"local"`, then set |request|’s [=request/target IP address space=] to
+ [=IP address space/local=].
- NOTE: We could also set the target IP address space to `local` if
- the request’s URL’s host is “localhost” or “127.0.0.1” (because of
- [[LET-LOCALHOST-BE-LOCALHOST]]), but we do not need special
- handling for the loopback case as it is already considered to be
+ NOTE: We could also set the target IP address space to
+ [=IP address space/local=] if the request’s URL’s host is “localhost” or
+ “127.0.0.1” (because of [[LET-LOCALHOST-BE-LOCALHOST]]), but we do not need
+ special handling for the loopback case as it is already considered to be
potentially trustworthy and won’t trigger mixed content checks.
NOTE: We don’t set the target IP address space here if it was
already non-null in order to prefer the explicit
targetAddressSpace if set by the fetch() API.
- 1. The [$HTTP-network fetch$] algorithm is amended to add 3 new steps right
+ 1. The [=HTTP-network fetch=] algorithm is amended to add 3 new steps right
after checking that the newly-obtained connection is not
failure:
- 1. Set |response|'s [=response/IP address space=] to
- |connection|'s [=connection/IP address space=].
+ 1. Set |response|'s [=response/IP address=] to
+ |connection|'s [=connection/IP address=].
1. Let |localNetworkAccessCheckResult| be the result of running
- [=Local Network Access check=] for |fetchParams|' [=request=] and
- |connection|.
+ [=Local Network Access check=] for fetchParams'
+ [=request=] and |connection|'s [=connection/IP address=].
- 1. If |localNetworkAccessCheckResult| is a [=network error=], return
+ 1. If |localNetworkAccessCheckResult| is a [=network error=], then return
|localNetworkAccessCheckResult|.
- 1. Define a new algorithm called HTTP-no-service-worker fetch
- based on the existing steps in [=HTTP fetch=] that are run if |response|
- is still null after handling the fetch via service workers, and amend
- those slightly as follows:
+ 1. The [=HTTP-network-or-cache fetch=] algorithm is amended to add a new step
+ right after Step 9:
- 1. Immediately after running HTTP-network-or-cache fetch:
- 1. If |response| is a [=network error=] and |response|'s
- [=response/IP address space=] is non-null, then:
-
- 1. Set |request|'s [=request/target IP address space=] to
- |response|'s [=response/IP address space=].
-
- 1. Return the result of running [=HTTP-no-service-worker fetch=]
- given |fetchParams|.
-
- NOTE: Because request’s target IP address space is set to a non-null
- value when recursing, this recursion can go at most 1 level deep.
-
-TODO: Figure out what we need to add for cache fetch. A sketch of Chromium’s
-behavior is included below in [[#http-cache]].
+ 1. If |response| is not null:
+ 1. Let |localNetworkAccessCheckResult| be the result of running
+ [=Local Network Access check=] for |request| and |response|'s
+ [=response/IP address=].
+ 2. If |localNetworkAccessCheckResult| is a [=network error=], then return |localNetworkAccessCheckResult|.
NOTE: The requirement that local network requests be made from secure contexts
means that any insecure request will be blocked as mixed content unless we can
@@ -781,7 +780,7 @@ appropriate](https://w3c.github.io/webappsec-mixed-content/level2.html#upgrade-a
algorithm is amended to add the following condition as an exception from
upgrading in step 1:
- 6. |request|’s target IP address space is [=IP address space/local=]
+ 6. |request|’s[=request/target IP address space=] is [=IP address space/local=]
## Integration with WebSockets ## {#integration-with-websockets}
@@ -819,14 +818,13 @@ the [[HTML]] specification is patched as follows:
2. An additional step is added to the [=clone a policy container=] algorithm:
- 1. Set clone's [=policy container/IP address space=] to
+ 1. Set clone's [=policy container/IP address space=] to the
policyContainer's [=policy container/IP address space=].
3. An additional step is added to the [=create a policy container from a fetch response=]
algorithm:
- 1. Set result's [=policy container/IP address space=]
- to response's [=response/IP address space=].
+ 1. Set result's [=policy container/IP address space=] the result of running the [=determine the IP address space=] algorithm on response's [=response/IP address=].
@@ -938,9 +936,10 @@ on some information about the IP address behind the proxy.
## HTTP Cache ## {#http-cache}
-The current implementation of this specification in Chromium interacts with the
-HTTP cache in two noteworthy ways, depending on which kind of resource is
-loaded from cache.
+Responses from the HTTP cache are subject to the Local Network Access
+check, as specified in [[#integration-with-fetch]] above.
+Below are some additional details about how to how those checks work in practice
+(with some examples) depending on which kind of resource is loaded from cache.
### Main resources ### {#http-cache-main-resources}
@@ -968,14 +967,6 @@ IP address space is now set to local.
### Subresources ### {#http-cache-subresources}
-Subresources loaded from the HTTP cache are subject to the Local Network Access
-check. This is not yet reflected in the algorithms above, since that check is
-only applied in [$HTTP-network fetch$].
-
-TODO: Specify and explain Chromium’s behavior here, or add an
-[$HTTP-network-or-cache fetch$] integration above. See
-. We include a sketch below.
-
As with main resources, a subresource constructed from a cached response
remembers the IP address from which the response was initially loaded. The IP
address space of the response is derived anew from the IP address.
@@ -1152,7 +1143,7 @@ progress, despite the lingering risk from local network attackers.
Cached subresources are protected by this specification, as the HTTP cache
remembers the source IP address which can be used in the Local Network Access
-check algorithm during [$HTTP-network-or-cache fetch$].
+check algorithm during [=HTTP-network-or-cache fetch=].
Without this check, a malicious public website might be able to determine
whether a user has visited particular private websites in the past.