* 仕様書

[REFS[
- [25] [CITE@en[Secure Contexts]], [TIME[2020-03-30 22:34:37 +09:00]] <https://w3c.github.io/webappsec-secure-contexts/#localhost>
- [26] [CITE@en[Secure Contexts]], [TIME[2020-03-30 22:34:37 +09:00]] <https://w3c.github.io/webappsec-secure-contexts/#potentially-trustworthy-origin>
]REFS]

* ドメイン

[FIG(short list)[ [28] [CODE[localhost]]
- [CODE[localhost]]
- [CODE@en[[[localhost.localdomain]]]]
- [CODE[localhost4]]
- [CODE[localhost6]]
- [CODE[localhost4.localdomain4]]
- [CODE[localhost6.localdomain6]]
- [CODE[docker.for.mac.localhost]]
- [CODE[docker.for.win.localhost]]
- [CODE[docker.for.lin.localhost]]

]FIG]

* 名前解決規則

[27] 
[[潜在的に信頼できる起源]]の判定では[[名前解決規則]]の性質が結果に影響します。
[SRC[>>25, >>26]]

* 関連

[23] [SEE[ [CODE[127.0.0.1]]、[CODE[::1]] ]]

[SEE[ [[特別なドメイン名]] ]]

* 歴史

[29] [CITE@en[[[RFC 2606]] - Reserved Top Level DNS Names]], [TIME[2021-03-28T07:19:55.000Z]], [TIME[2021-04-09T08:41:39.119Z]] <https://tools.ietf.org/html/rfc2606#section-2>

[1] [CITE@en[RFC 6761 - Special-Use Domain Names]]
( ([TIME[2013-06-27 22:35:13 +09:00]] 版))
<http://tools.ietf.org/html/rfc6761#section-6.3>

[2] かつては [CODE(URI)[file://localhost/]] と [CODE(URI)[file:///]] は同義とされていました。

[FIG(quote)[
[FIGCAPTION[
[3] [CITE@en[RFC 6761 - Special-Use Domain Names]]
([TIME[2015-03-24 01:45:33 +09:00]] 版)
<http://tools.ietf.org/html/rfc6761#section-6.3>
]FIGCAPTION]

> Name resolution APIs and libraries SHOULD recognize localhost
names as special and SHOULD always return the IP loopback address
for address queries and negative responses for all other query
types.

]FIG]

[4] この規定より事実上全てのシステムで [CODE[[[localhost]]]] は
[CODE[[[127.0.0.1]]]] に[[名前解決]]されます。

[FIG(quote)[
[FIGCAPTION[
[5] [CITE@en[MySQL :: MySQL 5.7 Reference Manual :: 4.2.2 Connecting to the MySQL Server]]
([TIME[2015-11-04 19:13:52 +09:00]] 版)
<https://dev.mysql.com/doc/refman/5.7/en/connecting.html>
]FIGCAPTION]

> On Unix, MySQL programs treat the host name localhost specially, in a way that is likely different from what you expect compared to other network-based programs. For connections to localhost, MySQL programs attempt to connect to the local server by using a Unix socket file. This occurs even if a --port or -P option is given to specify a port number. To ensure that the client makes a TCP/IP connection to the local server, use --host or -h to specify a host name value of 127.0.0.1, or the IP address or name of the local server. You can also specify the connection protocol explicitly, even for localhost, by using the --protocol=TCP option. 

]FIG]


[6] [CITE@en['''['''secure-contexts''']''' `*.localhost` + DNS]]
( ([[Mike West]]著, [TIME[2016-05-03 19:22:56 +09:00]]))
<https://lists.w3.org/Archives/Public/public-webappsec/2016May/0006.html>

[7] [CITE@en-US[Support | Dell US]] ([[Dell US]]著, [TIME[2016-05-06 00:58:46 +09:00]]) <http://www.dell.com/support/home/us/en/19/Products/?IsTag=False&IsInvalidSelection=False>

[8] >>7 アクセスすると、なぜか [CODE[http://localhost:8884]] へのアクセスが発生します。
[[JSONP]] を呼び出そうとしているようです。
[TIME[2016-05-05T15:59:13.600Z]]

[9] [CITE@en[Exclude 'localhost.' and '.localhost.'.]]
( ([[mikewest]]著, [TIME[2016-05-06 17:51:04 +09:00]]))
<https://github.com/w3c/webappsec-secure-contexts/commit/77175e335f96e52431888dfacf382c47e9637aeb>

[10] [CITE@en[Issue 224215 - chromium - Can't access a local webserver anymore - Monorail]]
( ([TIME[2016-06-16 19:30:09 +09:00]]))
<https://bugs.chromium.org/p/chromium/issues/detail?id=224215>

[FIG(quote)[
[FIGCAPTION[
[11] [CITE@en-US[Chrome incompatibilities - Mozilla | MDN]]
( ([TIME[2016-06-14 10:15:04 +09:00]]))
<https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Chrome_incompatibilities>
]FIGCAPTION]

> content_security_policy
> Firefox does not support:
> "http://127.0.0.1" or "http://localhost" as script sources: they must be served over HTTPS.

]FIG]


[12] [CITE@en[Rewrite algorithm to handle sandboxes inside 'http://127.0.0.1/']]
([[mikewest]]著, [TIME[2016-07-19 21:08:23 +09:00]])
<https://github.com/w3c/webappsec-secure-contexts/commit/4e14df58c1148bcb448992d4b579a50f4f881051>

[FIG(quote)[
[FIGCAPTION[
[13] [CITE[ARIB TR-B39]]
([TIME[2016-07-25 17:01:00 +09:00]])
<http://www.arib.or.jp/english/html/overview/doc/4-TR-B39v1_0-1p4.pdf#page=292>
]FIGCAPTION]

> ベース URL のスキーマ等については特に規定しないが、受信機は、放送及び通信で伝送され
> るアプリケーションの両方において、6.1.3.6 に示した形式の URL で参照した場合に、放送
> で伝送されるアプリケーションデータへのアクセス(XMLHttpRequest による取得を含む。)
> が可能となるベース URL を返す必要がある。また、少なくともアプリケーションが終了する
> まではベース URL は不変でなければならない。
>  - ベース URL の例:"http://localhost:<port_number>/"

]FIG]


[14] [CITE@en[`localhost` as Secure Context, take 2 (was Re: CfC: Transition  "Secure Contexts" to CR; deadline August 2nd.)]]
([[Mike West]]著, [TIME[2016-09-28 21:24:00 +09:00]])
<https://lists.w3.org/Archives/Public/public-webappsec/2016Sep/0120.html>

[15] [CITE@en[draft-west-let-localhost-be-localhost-02 - Let 'localhost' be localhost.]]
([TIME[2016-09-28 17:05:17 +09:00]])
<https://tools.ietf.org/html/draft-west-let-localhost-be-localhost-02>

[16] [CITE@en[Dropping the 'localhost' exclusion.]]
([[mikewest]]著, [TIME[2016-11-17 19:14:56 +09:00]])
<https://github.com/w3c/webappsec-secure-contexts/commit/3ed6fb4248f18b08181ad92bc7e22249f3ad178b>

[FIG(quote)[
[FIGCAPTION[
[17] [CITE@en[Webmention]]
([TIME[2017-01-11 04:06:01 +09:00]])
<https://webmention.net/draft/#h-avoid-sending-webmentions-to-localhost>
]FIGCAPTION]

> During the discovery step, if the sender discovers the endpoint is localhost or a loopback IP address (127.0.0.0/8), it should not send the Webmention to that endpoint.

]FIG]


[FIG(quote)[
[FIGCAPTION[
[18] [CITE@en[Connecting to the Qlik Engine API ‒ Qlik Sense]]
([TIME[2017-05-25 23:17:34 +09:00]])
<http://help.qlik.com/en-US/sense-developer/3.2/Subsystems/EngineAPI/Content/GettingStarted/connecting-to-engine-api.htm>
]FIGCAPTION]

> After you launch Qlik Sense Desktop and log in, you can connect to the Qlik Engine API using the following URI:
> ws://localhost:4848/app/

]FIG]


[19] [CITE@en[Cover localhost names for searchlists.]]
([[mikewest]]著, [TIME[2016-11-19 01:06:03 +09:00]])
<https://github.com/mikewest/internetdrafts/commit/d7084ebf36cce8cfd99bb1df3b33aa7957c959a7>

[20] [CITE['''['''DNSOP''']''' DNSOP Call for Adoption - draft-west-let-localhost-be-localhost]]
([TIME[2017-09-21 12:50:12 +09:00]])
<https://www.ietf.org/mail-archive/web/dnsop/current/msg20963.html>

[FIG(quote)[
[FIGCAPTION[
[21] [CITE@en[Networking features in Docker for Mac | Docker Documentation]]
([TIME[2017-12-29 00:22:26 +09:00]])
<https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds>
]FIGCAPTION]

> I WANT TO CONNECT FROM A CONTAINER TO A SERVICE ON THE HOST
> The Mac has a changing IP address (or none if you have no network access). From 17.06 onwards our recommendation is to connect to the special Mac-only DNS name docker.for.mac.localhost which will resolve to the internal IP address used by the host.

]FIG]


[FIG(quote)[
[FIGCAPTION[
[22] [CITE@ja[Microsoft Edge でローカルホストにアクセスできない問題を解決する - Browser]]
([TIME[2018-01-08 16:33:48 +09:00]])
<http://browser.hatenablog.com/entry/2016/01/29/190856>
]FIGCAPTION]

> 初期状態ではアドレスバーに http://localhost や IP を入力してもローカルホストへのアクセスはできません。

]FIG]


[FIG(quote)[
[FIGCAPTION[
[24] [CITE@en[Strava Developers]]
([TIME[2018-11-15 07:15:08 +09:00]])
<https://developers.strava.com/docs/authentication/>
]FIGCAPTION]

> redirect_uri 
> required string, in query	URL to which the user will be redirected after authentication. Must be within the callback domain specified by the application. localhost and 127.0.0.1 are white-listed.

]FIG]


[30] [CITE@ja[意外と多い localhost の DMCA 削除要請、Google は1回だけ削除していた | スラド YRO]]
([TIME[2021-08-12T01:15:47.000Z]])
<https://yro.srad.jp/story/21/08/11/0029206/>

[31] [CITE@ja[ローカルホストリソース・パーミッション | Brave Browser]], [TIME[2023-06-29T13:22:19.000Z]], [TIME[2023-07-05T07:53:23.421Z]] <https://brave.com/ja/privacy-updates/27-localhost-permission/>

[32] [CITE@en[adblock-lists/brave-lists/localhost-permission-allow-list.txt at master · brave/adblock-lists · GitHub]], [TIME[2023-07-05T07:54:18.000Z]] <https://github.com/brave/adblock-lists/blob/master/brave-lists/localhost-permission-allow-list.txt>

[33] [CITE@en[171934 – Don't treat loopback addresses (127.0.0.0/8, ::1/128, localhost, .localhost) as mixed content]], [TIME[2023-07-05T08:00:19.000Z]] <https://bugs.webkit.org/show_bug.cgi?id=171934>

[34] [CITE@en[feat: *.localhost subdomain gateway support with http proxy by lidel · Pull Request #853 · ipfs/ipfs-companion · GitHub]], [TIME[2023-08-10T03:09:15.000Z]] <https://github.com/ipfs/ipfs-companion/pull/853>