serves the Javascript that opens the WS should remain constant. If WS
resolves the host/domain to a different address than the HTTP it was
spawned
from, it becomes a method to bypass same-origin / CORS restrictions.
That's an unfortunate misunderstanding.
All protocols that use SRV records maintain the target domain.
So a ws://example.com/xyz would still send a Host header of "example.com",
whether SRV or not, so there is no impact on same origin policy, CORS, etc.
Good to know, thank you.
Actually....I wasn't talking about the Host: header - that is totally
spoofable...I was concerned about:
1. Browser client resolves example.com via old style DNS to x.x.x.x and
fetches HTTP
2. Received HTML starts JS which starts WS connection
3. WS resolves example.com via DNS SRV to y.y.y.y and opens
4. WS now has access outside origin.
Please note, I did not specify why DNS SRV resolved differently than old
style DNS - could be malicious, could be an simple mistake. I am
assuming the DNS SRV and old DNS might be answered from different servers.
Do browsers restrict origin / cross-site access based on name or on address?
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf