
><img src="http://localhost:xxxxx/launch?action=join&confno=492468757"/...

So a browser allows a random remote website access to stuff running on the localhost interface? Is this a good idea? Stuff like camera access I can at least disable...



Yep. This[0] post[1] from a few months ago touched on this with more discussion.

[0] http://http.jameshfisher.com/2019/05/26/i-can-see-your-local...

[1] https://news.ycombinator.com/item?id=20028108


The browser allows anything according to the CORS configuration on the target website. Perhaps it would be a good idea to prompt for access to localhost/127.* resources.
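An added example, not part of the thread: a request gate that a helper service listening on localhost could apply, given that an `<img>` load like the one quoted above is sent as a plain GET with no CORS preflight. The origin `https://app.example`, the port in the sample Host header, and all function names are assumptions.

```javascript
// Added example: request gate for a helper service listening on localhost.
// ALLOWED_ORIGINS and all function names are assumptions, not from the thread.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);

// req is shaped like Node's http.IncomingMessage: { method, headers },
// with lower-cased header names.
function gateAction(req) {
  const h = req.headers;
  // <img>, <script> and <link> loads are always GET, so actions never run on GET.
  if (req.method !== "POST") return { allow: false, reason: "needs-post" };
  // Browsers attach Origin to cross-origin POSTs; require an allow-listed value.
  if (!ALLOWED_ORIGINS.has(h["origin"])) return { allow: false, reason: "untrusted-origin" };
  // Fetch Metadata, where sent: accept only script-initiated CORS requests,
  // not form submissions or subresource loads.
  const mode = h["sec-fetch-mode"];
  if (mode !== undefined && mode !== "cors") return { allow: false, reason: "not-cors" };
  return { allow: true, reason: "ok" };
}

// CORS response headers only decide whether the calling page may read the
// response; a simple request has already reached the service by then.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = {
  imgFromAnyPage: { method: "GET", headers: { host: "localhost:8765",
    "sec-fetch-site": "cross-site", "sec-fetch-mode": "no-cors", "sec-fetch-dest": "image" } },
  formFromOtherSite: { method: "POST", headers: { host: "localhost:8765",
    origin: "https://other.example", "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate" } },
  formFromTrustedSite: { method: "POST", headers: { host: "localhost:8765",
    origin: "https://app.example", "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate" } },
  fetchFromTrustedSite: { method: "POST", headers: { host: "localhost:8765",
    origin: "https://app.example", "sec-fetch-site": "cross-site", "sec-fetch-mode": "cors" } },
};

// Returns { sampleName: reason } for every constructed request.
function runSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, req]) => [name, gateAction(req).reason]));
}

console.log(runSamples());
```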



