Re: [hybi] Last Call: <draft-ietf-hybi-thewebsocketprotocol-10.txt> (The WebSocket protocol) to Proposed Standard


On Fri, Jul 22, 2011 at 9:47 AM, David Endicott <dendicott@xxxxxxxxx> wrote:

Actually....I wasn't talking about the Host: header - that is totally spoofable...I was concerned about:

1. Browser client resolves example.com via old style DNS to x.x.x.x and fetches HTTP
2. Received HTML starts JS which starts WS connection
3. WS resolves example.com via DNS SRV to y.y.y.y and opens
4. WS now has access outside origin.

Please note, I did not specify why DNS SRV resolved differently than old style DNS - could be malicious, could be a simple mistake. I am assuming the DNS SRV and old DNS might be answered from different servers.


You definitely could set it up such that the results from an SRV lookup point to a different server than that resulting from a lookup of AAAA or A; that's kind of the point.  The SRV lookup is to a service within the original domain, but the resulting lookup could have results outside it.  To go back to Dave Cridland's example, you can see that the result of the SRV is another name requiring lookup.

;; ANSWER SECTION:
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server1.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server2.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server3.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server4.l.google.com.
 
You'd have to avoid the results triggering the antibodies to a cross-site scripting attack in order to deploy this well, in my opinion.

regards,

Ted



Do browsers restrict origin / cross-site access based on name or on address?   
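
Added example, not part of either message above: a Python check that parses SRV answer lines in the format quoted in the reply and lists targets whose names fall outside the domain that was queried. The first five records are the ones from the message; the two `_ws._tcp.example.com.` records, including the `_ws` service label, are constructed for illustration.

```python
from typing import NamedTuple

# Records for gmail.com are the ones quoted in the message; the two
# _ws._tcp.example.com. records are constructed (hypothetical service label).
SAMPLE = """\
;; ANSWER SECTION:
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     5 0 5269 xmpp-server.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server1.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server2.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server3.l.google.com.
_xmpp-server._tcp.gmail.com. 26125 IN   SRV     20 0 5269 xmpp-server4.l.google.com.
_ws._tcp.example.com. 300 IN SRV 10 0 443 ws.example.com.
_ws._tcp.example.com. 300 IN SRV 20 0 443 ws.notexample.com.
"""

class SRV(NamedTuple):
    owner: str      # name that was queried, e.g. _xmpp-server._tcp.gmail.com.
    ttl: int
    priority: int
    weight: int
    port: int
    target: str     # another name that still needs an A/AAAA lookup

def parse_srv(text: str) -> list[SRV]:
    """Parse SRV lines from a dig-style answer section; skip everything else."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue
        records.append(SRV(f[0].lower(), int(f[1]), int(f[4]),
                           int(f[5]), int(f[6]), f[7].lower()))
    return records

def service_domain(owner: str) -> str:
    """Strip the leading _service._proto labels to get the queried domain."""
    labels = owner.rstrip(".").split(".")
    while labels and labels[0].startswith("_"):
        labels.pop(0)
    return ".".join(labels)

def in_domain(name: str, domain: str) -> bool:
    """Label-wise suffix match, so notexample.com is not inside example.com."""
    n, d = name.rstrip(".").split("."), domain.rstrip(".").split(".")
    return len(n) >= len(d) and n[-len(d):] == d

def targets_outside_domain(records: list[SRV]) -> list[str]:
    """Sorted SRV targets that are not at or below the queried domain."""
    return sorted({r.target for r in records
                   if not in_domain(r.target, service_domain(r.owner))})
```
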

 

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

