Re: Access to localhost to be outlawed?

I'm not sure I agree. The discussion seems to talk about user-initiated
actions in a way that makes me think that clicking a link or button or
otherwise taking some action that causes a subresource to be loaded from
localhost is fine. What is not fine is unsolicited attempts to access the
local network.

Are you sure this presents a problem for you?

On Tue, Mar 17, 2015 at 7:53 AM Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

> On 17 March 2015 at 15:48, Anders Rundgren <anders.rundgren.net@gmail.com>
> wrote:
>
>> On 2015-03-17 15:14, Randall Leeds wrote:
>>
>>> What's this got to do with payments? What do DropBox and Spotify depend
>>> on that's relevant here?
>>>
>>
>> DropBox and Spotify depend on browser bypass schemes using localhost.
>>
>> Payments may do that as well as David Nicol writes here:
>> https://lists.w3.org/Archives/Public/public-webpayments/2014Oct/0194.html
>>
>> GitHub use another browser bypass scheme:
>> github-windows://openRepo/https://github.com/cyberphone/
>> webpkisuite-4-android
>>
>
> Yes, I also use localhost for payments from the browser.
>
> Added my +1 to the call for WONTFIX on this issue.
>
> I locking down the browser in this way will hinder a lot of legitimate use
> cases, and provide minimal incremental security.
>
>
>>
>> Anders
>>
>>>
>>> On Tue, Mar 17, 2015 at 12:10 AM Anders Rundgren <
>>> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>
>>> wrote:
>>>
>>>     https://code.google.com/p/__chromium/issues/detail?id=__378566 <
>>> https://code.google.com/p/chromium/issues/detail?id=378566>
>>>
>>>     Since popular services like DropBox and Spotify depend on this
>>> non-standardized
>>>     way of bypassing the browser, I think this strengthens my argument
>>> that we really
>>>     need a standard way to do this.
>>>
>>>     The time for that is now.
>>>
>>>     Anders
>>>
>>>
>>
>>