whatwg / fetch

Fetch Standard
https://fetch.spec.whatwg.org/

Reverse HTTP for CSRF/XSS-proofing of localhost webservers #1685

Open SoniEx2 opened 1 year ago

SoniEx2 commented 1 year ago

Sometimes you want a localhost webserver. Instead of exposing it to anything that may run in a browser, and thus be forced to worry about CSRF, XSS, and all that good stuff, what if you just... didn't?

What if you could have your localhost webserver and not have to do all of that?

The only reason those are a concern is because arbitrary websites can connect to the localhost webserver. The obvious solution is to prevent that. The actual approach to prevent that is not as obvious, however, but it'd probably be called "Reverse HTTP" of some sort.

annevk commented 1 year ago

https://wicg.github.io/local-network-access/ attempts to solve that. It'll eventually be mostly integrated into Fetch.

SoniEx2 commented 1 year ago

That's neat, but considering the CSP changes we feel like maybe something with a uniquely allocated, opaque origin would be more appropriate?

Like, that's the real benefit of reverse HTTP: you prevent other connections altogether. And localhost webservers don't need to be able to fetch each other - they can use standard system-level IPC instead.

(But reverse HTTP does only cover localhost...)

annevk commented 1 year ago

I'm not sure what CSP has to do with it?

SoniEx2 commented 1 year ago

This prevents further connections without preflight: https://wicg.github.io/private-network-access/#csp

But it doesn't make a fully isolated sandbox. You can still accept requests from public websites.

(We do appreciate that it blocks navigation by default, though. That's really nice to see.)
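The gap the comment above points at (a localhost server still receiving requests that public pages initiate) can be narrowed on the server side with a simple allow/deny policy over the browser-supplied fetch metadata. The following is an added illustration, not code from this thread, from the Fetch standard or from the Private Network Access draft; the allowlisted origin and port are constructed sample values, and the `Access-Control-Request-Private-Network` header name follows the PNA draft linked above.

```python
"""Added example: a loopback-only web server that refuses browser requests
from any origin but its own. Not from the thread or the Fetch standard."""
from http.server import BaseHTTPRequestHandler, HTTPServer

# Origins allowed to talk to this server: only its own (constructed sample).
ALLOWED_ORIGINS = {"http://localhost:8080"}


def is_allowed(method: str, headers: dict) -> tuple[bool, str]:
    """Decide (allowed, reason) for one request using only headers that the
    browser sets itself: page script cannot forge Sec-Fetch-Site or Origin,
    so a localhost server can base its policy on them."""
    h = {k.lower(): v for k, v in headers.items()}
    # Private Network Access preflight: the browser asks, before the real
    # request, whether a less private page may reach this loopback address.
    # A server that wants no public-web callers simply never approves it.
    if method == "OPTIONS" and h.get("access-control-request-private-network") == "true":
        return False, "deny private-network-access preflight"
    site = h.get("sec-fetch-site")
    if site in ("none", "same-origin"):
        return True, "same-origin fetch or user-initiated navigation"
    origin = h.get("origin")
    if site is None and origin is None:
        # No fetch metadata at all: a non-browser client such as curl.
        # (An old browser without Sec-Fetch-Site would also land here.)
        return True, "no browser fetch metadata"
    if origin in ALLOWED_ORIGINS:
        return True, "origin allowlisted"
    return False, f"cross-site request from {origin or 'unknown origin'}"


class Handler(BaseHTTPRequestHandler):
    def _handle(self):
        ok, why = is_allowed(self.command, dict(self.headers))
        self.send_response(200 if ok else 403)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(why.encode())

    do_GET = do_POST = do_OPTIONS = _handle


if __name__ == "__main__":
    # Bind to loopback only; never 0.0.0.0.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The policy does not replace the browser-side isolation the thread asks for; it only means a page on another origin gets a 403 instead of a usable response.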

avioligo commented 8 months ago

Hey guys, I have written about this topic and I have a live demo on https://ports.sh to scan ports over HTTP; you need to surf using http://. https:// will scan only https ports.