Sure - a destination is "local" if your machine has a route to that IP which isn't via a gateway.
If your network is large enough that it consists of multiple routed network segments, and you don't have any ACLs between those segments, then yeah, you won't be fully protected by this browser feature. But you aren't protected right now either, so nothing's getting worse, it's just not getting better for your specific use case.
> Sure - a destination is "local" if your machine has a route to that IP which isn't via a gateway.
Fantastic. Well, Google doesn't agree
The proposal defines it along RFC1918 address space boundaries. The spitballing back and forth in the GitHub issues about which imaginary TLDs they will or won't also consider "local" is absolutely horrifying.
Sure - a destination is "local" if your machine has a route to that IP which isn't via a gateway.
If your network is large enough that it consists of multiple routed network segments, and you don't have any ACLs between those segments, then yeah, you won't be fully protected by this browser feature. But you aren't protected right now either, so nothing's getting worse, it's just not getting better for your specific use case.