Open arthuredelstein opened 1 year ago
Some Chromium-related documents that might interest you:
Intent to Experiment: Private Network Access preflight requests for subresources
Intent to Deprecate and Remove: Private Network Access requests for subresources without proper preflight response
That's something I was checking out too.
Some detail here:
Render-initiated navigations to filesystem:// URLs are blocked in top-level frames, but are currently allowed in
iframes. As part of the storage partitioning efforts, we propose to remove support for navigation to
filesystem:// URLs in iframes. Preventing navigation in third-party contexts would be sufficient for
our privacy goals, but as usage is almost non-existent, we believe removing support for navigation in
iframes altogether is the better approach.
source: https://groups.google.com/a/chromium.org/g/blink-dev/c/2V7lIYDkdtI
With Chromium, the local server has to opt in to these preflight requests, which doesn't really work if the local server is also malicious.
What the hell?