Erik Nygren
Erik Nygren
With the introduction of HTTP/3, Fetch should likely have additions to the bad port list covering common UDP attack vectors. As @davidben mentions in #1189 this should also probably explicitly...
Relying purely on the public-suffix-list for limiting cookie scope doesn't scale well. It would be preferable if there was a way for servers to indicate that cookie scope should be...
The security issues motivating CSP Cookie Controls (https://www.w3.org/TR/csp-cookies/) still exist. We at a minimum we should list this as a security consideration. In particular, an origin is unable to restrict...
One of the use-cases for draft-pauly-httpbis-alias-proxy-status may be for influencing connection coalescing behaviors. Since some clients use "is the IP address that the proxy is connecting to overlapping with the...
While not relevant here, opening up this to track this item for elsewhere... TO BE REMOVED: The ALPN semantics in {{AltSvc}} are ambiguous, and problematic in some interpretations. We should...
In digging into production use-cases, there may be scenarios where the "HTTPSSVC means HTTPS-only" is problematic. For example, it may prevent a CDN from turning it on by default (as...
If decoupling from Alt-Svc, having an alternative to Alt-Used would be valuable. This should take lessons from challenges with Alt-Used adoption and should minimize the privacy impact. Some options include:...
### Ansible Version ansible [core 2.13.10] ### Ansible Configuration _No response_ ### Effected Components region_list ### Expected Behavior Should have filtered to return a specific region by id ### Actual...
It appears that oneapi-east.telematicsct.com no longer resolves in DNS and the integration is no longer working. Switching API_GATEWAY to onecdn.telematicsct.com (which is what the app uses) appears to connect but...