Ability to block "reserved" requests in Request Manager

Open hrj opened this issue 9 years ago • 0 comments

Brought to attention by this blog post. There are two concerns here:

  • Ability of remote services to access local services (more precise definition below)
  • DNS rebinding which allows circumvention of same-origin policy

If we generalise the problem to all [reserved addresses](https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks), then it's about non-reserved services trying to access reserved services.

A solution

When a request is about to be allowed by the Request Manager, the Request Manager should

  • resolve the IP address of the request's host
  • stamp the request with the resolved address
  • check whether the resolved address is in a reserved block. If so, make a further check of whether the request is allowed for that IP address row & column.

This will only be effective when an IP address can be pinned to the NetworkRequest until the actual HTTP request is issued. I will create a separate issue to track pinning.

hrj, Sep 02 '16 04:09
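
The three steps proposed in the issue, together with the pinning requirement, as an added Python sketch (not gngr's code and not from the issue author). `NetworkRequest`, `decide`, `connect_address`, the `(origin, address)` allow set standing in for the Request Manager's row and column, and the sample hostnames and addresses are all assumptions. The constructed resolver changes its answer between lookups to show why the stamped address must be the one used for the connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Optional, Set, Tuple

@dataclass
class NetworkRequest:                # hypothetical stand-in, not gngr's own class
    origin_host: str                 # host of the page issuing the request
    target_host: str                 # host being requested
    pinned_ip: Optional[str] = None  # address stamped when the decision is made

def is_reserved(ip: str) -> bool:
    """True for loopback, private, link-local and other special-purpose ranges."""
    a = ipaddress.ip_address(ip)
    return (a.is_loopback or a.is_private or a.is_link_local
            or a.is_multicast or a.is_reserved or a.is_unspecified)

def decide(req: NetworkRequest, resolve: Callable[[str], str],
           allowed: Set[Tuple[str, str]]) -> bool:
    """Resolve once, stamp the request, then apply the reserved-block check."""
    req.pinned_ip = resolve(req.target_host)
    if not is_reserved(req.pinned_ip):
        return True
    # Reserved destination: require an explicit (origin, address) rule.
    return (req.origin_host, req.pinned_ip) in allowed

def connect_address(req: NetworkRequest) -> str:
    """Address the HTTP layer must use: the stamped one, never a fresh lookup."""
    if req.pinned_ip is None:
        raise ValueError("request was never checked by decide()")
    return req.pinned_ip

def rebinding_resolver() -> Callable[[str], str]:
    """Constructed resolver: public answer first, loopback on every later lookup."""
    answers = iter(["93.184.216.34"])  # sample public address
    return lambda host: next(answers, "127.0.0.1")

def demo():
    resolve = rebinding_resolver()
    req = NetworkRequest("news.example", "cdn.example")  # constructed hostnames
    allowed_first = decide(req, resolve, allowed=set())
    # A second lookup at connect time would return the rebound address.
    rebound = resolve(req.target_host)
    return allowed_first, connect_address(req), rebound, is_reserved(rebound)
```

Without the pin, the connection would go to the second answer, which the check never saw.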