skimming the issues, not seeing one that matches your tweet description. link? and I assume you reported privately not via tracker?
-
-
I don't know if it's true that "most" don't intend to be accessed by the web, certainly some don't. Many that I've looked at recently are trying to workaround misssing npapi, so would opt-in to any preflight checks.
-
I favor early stage blocking all access to local (on-host) IP endpoints from within the browser unless the root page resource also loads from a local (on-host) IP. Too much garbageware running local daemons.
- 1 more reply
New conversation -
-
-
This is the proposed solution: https://wicg.github.io/cors-rfc1918/
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Who cares what "should" be? That is not what "is", and the "is" happens to be where our money resides.
-
Apparently, Google does, as they are implementing a bug fix for localhost access from Internet. https://bugs.chromium.org/p/chromium/issues/detail?id=378566 …
-
You started by saying this wasn't the case, then saying that it was but it's a bug. And now you're declaring victory. Own your fuckups.
-
I stated that websites cannot access localhost unless there is a browser bug that enables access, hence the link to the Chromium bug for this issue.
End of conversation
New conversation -
-
-
I run dozens of applications exposed on localhost that have web administration interfaces. They aren't open to other IPs but they are supposed to be used with a browser.
-
Are you sure they aren't, this webpage scans localhost. Not sure how accurate it is, as it's showing open ports that nmap can't see. My OS might be giving false positives. http://wingolog.org/pub/localhost-portscan.html …
End of conversation
New conversation -
-
-
I would be really annoyed if my browser couldn’t access things on localhost. Instead, people should stop treating things running on localhost as secure. Always encrypt and always require authentication, problem solved.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
