Hi,
Yes, that's a fair point. I think we can explicitly state that as a
non-goal.
It also raises the question about redirect policy generally on the
client side.
What happens if a request over UDS to a server is redirected and
redirects are to be handled automatically? Probably redirects to
the same origin should be allowed, but all others should be
returned to the user to handle.
Thanks,
Michael
On 28/03/2026 09:17, Florian Weimer wrote:
* Michael McMahon:
UDS allows higher performance and security when both client and
server
are located on the same system,
or when communicating between
containers on the same system,
as compared with TCP/IP sockets through the
loopback interface.
The JEP is located at the link below.
https://openjdk.org/jeps/8377806
Regarding URI encoding for UNIX domain paths: I believe it's not done
because it's insecure. UNIX domain socket services do not have
protection against cross-site request forgery and may use the identity
of the connecting user for authorization. If they were reachable over
URLs, you'd likely end up with redirect-based attack vectors (or even
Javascript-driven ones) against these local services.
It's also the reason why we refuse to add additional socket family
support to AF_UNSPEC in getaddrinfo, which would add this capability
transparently to existing URL parsers.
