I agree. Using the browser to access local-exposed HTTP resources is an
important way to bridge the native/mobile gap. User permission (pre-arranged,
persistent, or session-based) can be explicitly required if needed, but blanket
prohibition on intra-device communication via HTTP is too blunt-force a
response to potential risks from malicious sites. Other efforts (e.g. content
security policies) should also be limiting the prevalence of such attacks over
From: Anders Rundgren [mailto:email@example.com]
Sent: Monday, March 16, 2015 11:57 PM
Subject: Access to localhost to be outlawed?
Since popular services like DropBox and Spotify depend on this non-standardized
way of bypassing the browser, I think this strengthens my argument that we
need a standard way to do this.
The time for that is now.