Re: Access to localhost to be outlawed? from Melvin Carvalho on 2015-03-17 (public-webpayments@w3.org from March 2015)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Tue, 17 Mar 2015 15:52:59 +0100
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Randall Leeds <randall.leeds@gmail.com>, Web Payments CG <public-webpayments@w3.org>
Message-ID: <CAKaEYhKvnuAP+xFb0e_cGs1otGpvcU4Md8VdxrRfpVDMu0KvxA@mail.gmail.com>

On 17 March 2015 at 15:48, Anders Rundgren <anders.rundgren.net@gmail.com>
wrote:

> On 2015-03-17 15:14, Randall Leeds wrote:
>
>> What's this got to do with payments? What do DropBox and Spotify depend
>> on that's relevant here?
>>
>
> DropBox and Spotify depend on browser bypass schemes using localhost.
>
> Payments may do that as well as David Nicol writes here:
> https://lists.w3.org/Archives/Public/public-webpayments/2014Oct/0194.html
>
> GitHub use another browser bypass scheme:
> github-windows://openRepo/https://github.com/cyberphone/
> webpkisuite-4-android
>

Yes, I also use localhost for payments from the browser.

Added my +1 to the call for WONTFIX on this issue.

I locking down the browser in this way will hinder a lot of legitimate use
cases, and provide minimal incremental security.


>
> Anders
>
>>
>> On Tue, Mar 17, 2015 at 12:10 AM Anders Rundgren <
>> anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>>
>> wrote:
>>
>>     https://code.google.com/p/__chromium/issues/detail?id=__378566 <
>> https://code.google.com/p/chromium/issues/detail?id=378566>
>>
>>     Since popular services like DropBox and Spotify depend on this
>> non-standardized
>>     way of bypassing the browser, I think this strengthens my argument
>> that we really
>>     need a standard way to do this.
>>
>>     The time for that is now.
>>
>>     Anders
>>
>>
>
>

Received on Tuesday, 17 March 2015 14:53:30 UTC