Sometimes you want a localhost webserver. Instead of exposing it to anything that may run in a browser, and thus be forced to worry about CSRF, XSS, and all that good stuff, what if you just... didn't?
What if you could have your localhost webserver and not have to do all of that?
The only reason those are a concern is because arbitrary websites can connect to the localhost webserver. The obvious solution is to prevent that. The actual approach to prevent that is not as obvious, however, but it'd probably be called "Reverse HTTP" of some sort.
That's neat, but considering the CSP changes we feel like maybe something with a uniquely allocated, opaque origin would be more appropriate?
Like, that's the real benefit of reverse HTTP: you prevent other connections altogether. And localhost webservers don't need to be able to fetch each other - they can use standard system-level IPC instead.