RFC Errata

Errata Search

Source of RFC  
Summary Table Full Records

RFC 6555, "Happy Eyeballs: Success with Dual-Stack Hosts", April 2012

Note: This RFC has been obsoleted by RFC 8305

Source of RFC: v6ops (ops)

Errata ID: 6745
Status: Rejected
Type: Technical
Publication Format(s) : TEXT

Reported By: Matthew Menke
Date Reported: 2021-11-19
Rejected by: Warren Kumari (Ops AD)
Date Rejected: 2024-01-15

Section 5.6 says:

   Web browsers implement a same-origin policy [RFC6454] that causes
   subsequent connections to the same hostname to go to the same IPv4
   (or IPv6) address as the previous successful connection.  This is
   done to prevent certain types of attacks.

   The same-origin policy harms user-visible responsiveness if a new
   connection fails (e.g., due to a transient event such as router
   failure or load-balancer failure).  While it is tempting to use Happy
   Eyeballs to maintain responsiveness, web browsers MUST NOT change
   their same-origin policy because of Happy Eyeballs, as that would
   create an additional security exposure.

It should say:

<This section should be removed>


This entire section should be deleted. Same-Origin policy has nothing to do with what IP connections to the same hostname go to. Two connections to the same host are same origin even if they're using different IPs. Happy Eyeballs is free to use whatever IP for a hostname it wants for an origin, and Same-Origin policy will not be violated.

[ Edit (WK) ]: I am rejecting this Errata because this RFC has been Obsoleted by RFC8305 - "Happy Eyeballs Version 2: Better Connectivity Using Concurrency", which does not contain this text.

Report New Errata

Advanced Search