Shields blocking of localhost connections

Test setup

1. Make sure you can connect to IPv6-only hosts and connect to a VPN for that purpose if needed.
2. Put nameserver 8.8.8.8 in /etc/resolv.conf.
3. Go into chrome://settings/security and diable Always use secure connections.
4. Turn off the chrome://flags/#block-insecure-private-network-requests flag.
5. Restart browser.
6. Load this page with the Network tab of the devtools open.

localhost and friends

These ones are correctly blocked:

• 
• 
• 
• (octal)
• (hex)
• (decimal)
• 
• 

0.0.0.0 and friends

These ones are not blocked and end up as requests on the local machine:

• 
• (octal)
• (hex)
• (decimal)
• (IPv4-mapped IPv6)
• (IPv4-mapped IPv6)
• (IPv4-mapped IPv6)
• 
• 

IPv4-mapped IPv6 addresses

These ones are blocked by CORS-RFC1918 (chrome://flags/#block-insecure-private-network-requests) but should also be blocked by Shields:

• (CORS-RFC1918)
• (CORS-RFC1918)
• (CORS-RFC1918)

DNS-based