I agree. Using the browser to access local-exposed HTTP resources is an important way to bridge the native/mobile gap. User permission (pre-arranged, persistent, or session-based) can be explicitly required if needed, but blanket prohibition on intra-device communication via HTTP is too blunt-force a response to potential risks from malicious sites. Other efforts (e.g. content security policies) should also be limiting the prevalence of such attacks over time.
Bryan -----Original Message----- From: Anders Rundgren [mailto:anders.rundgren....@gmail.com] Sent: Monday, March 16, 2015 11:57 PM To: public-webapps Subject: Access to localhost to be outlawed? https://code.google.com/p/chromium/issues/detail?id=378566 Since popular services like DropBox and Spotify depend on this non-standardized way of bypassing the browser, I think this strengthens my argument that we really need a standard way to do this. The time for that is now. Anders