@@ -465,11 +465,14 @@ <h3>Processing model</h3>
465465 < p > Then < a > send an error</ a > with < a > error code</ a > < a > unknown
466466 error</ a > , and jump to step 1.</ p >
467467
468- < p class =note > Rejecting connections with unexpected values in the
469- < a > Host header</ a > prevents DNS rebinding attacks. Implementations can opt
470- to provide more stringent controls where appropriate, for example
471- only accepting connections when the < var > host</ var > value
472- corresponds to a loopback interface [[RFC5735]].</ p > </ li >
468+ < p class ="note "> Rejecting connections with unexpected values in the
469+ < a > Host header</ a > prevents DNS rebinding attacks. Implementations
470+ can opt to provide more stringent controls where appropriate, for
471+ example only accepting connections when the < var > host</ var > value
472+ corresponds to a loopback interface [[RFC5735]]. Further guidance
473+ for implementors is given in the < a href ="#security "> security</ a >
474+ section.</ p >
475+ </ li >
473476
474477 < li > < p > If < var > origin</ var > is not undefined and is not identical to
475478 an < a > Origin header</ a > value that the implementation has been
@@ -10494,18 +10497,18 @@ <h2>Security</h2>
1049410497 and that WebDriver remains disabled
1049510498 in publicly consumed versions of the user agent.
1049610499
10497- < p > To prevent arbitrary machines on the network
10498- from connecting and creating < a > sessions</ a > ,
10499- it is suggested that only connections from
10500- loopback devices are allowed by default.
10501-
10502- < p > The < a > remote end</ a > can include
10503- a configuration option to limit
10504- the accepted IP range allowed to connect and make requests.
10505- The default setting for this might be
10506- to limit connections to the IPv4 localhost
10507- CIDR range < code > 127.0.0.0/8 </ code >
10508- and the IPv6 localhost address < code > ::1 </ code > . [[RFC4632]]
10500+ < p > To prevent arbitrary machines on the network from connecting and
10501+ creating < a > sessions</ a > , it is suggested that only connections from
10502+ loopback devices are allowed by default. However, testing setups
10503+ commonly put the < a > remote end </ a > and < a > local end </ a > on different
10504+ network hosts. Users deploying such a setup are encouraged to
10505+ restrict access to the remote end to the greatest extent possible,
10506+ either by restricting network connections to trusted hosts (e.g. in
10507+ the case of a lab setting, or the remote end running in a containers
10508+ on the same bridged network), or by routing all connections through
10509+ an < a > intermediary node </ a > that provides authorization and
10510+ authentication. < a > Remote end </ a > implementors are encouraged to
10511+ provide minimal, opt-in, configuration to support these scenarios.
1050910512
1051010513< p > It is also suggested that user agents
1051110514 make an effort to visually distinguish
0 commit comments