W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

RE: Access to localhost to be outlawed?

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Tue, 17 Mar 2015 15:07:52 +0000
To: "'Anders Rundgren'" <anders.rundgren.net@gmail.com>, public-webapps <public-webapps@w3.org>
Message-ID: <59A39E87EA9F964A836299497B686C351F918B94@CAFRFD1MSGUSRIA.ITServices.sbc.com>
I agree. Using the browser to access local-exposed HTTP resources is an important way to bridge the native/mobile gap. User permission (pre-arranged, persistent, or session-based) can be explicitly required if needed, but blanket prohibition on intra-device communication via HTTP is too blunt-force a response to potential risks from malicious sites. Other efforts (e.g. content security policies) should also be limiting the prevalence of such attacks over time.

Bryan

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren.net@gmail.com] 
Sent: Monday, March 16, 2015 11:57 PM
To: public-webapps
Subject: Access to localhost to be outlawed?

https://code.google.com/p/chromium/issues/detail?id=378566


Since popular services like DropBox and Spotify depend on this non-standardized
way of bypassing the browser, I think this strengthens my argument that we really
need a standard way to do this.

The time for that is now.

Anders

Received on Tuesday, 17 March 2015 15:09:49 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:27:26 UTC