Christopher Allan Webber writes: > browsers do and don't allow, but I'm stunned that a browser will let a > request from some http://foo.example/ to http://localhost:37146/, even > for just a GET. It seems like there are all sorts of daemons you can > exploit that way.
This can be pretty useful for embedding an iframe with a local service (I do that for babcom[1]: Decentralized comments over Freenet, sadly still pretty slow, because I’m using an in-Freenet system for that which wasn’t optimized for the usecase). On the downside, companies use the same methods to connect local services with playback-restrictions (DRM) which aren’t easily doable via the web alone. Likely this is the reason why it’s still possible, though I’d wish it were the other way round (possible for the good usages, not possible for the problematic-but-profitable ones)… [1]: http://www.draketo.de/proj/freecom/ Best wishes, Arne -- Unpolitisch sein heißt politisch sein ohne es zu merken
signature.asc
Description: PGP signature
