Comment by upofadown
6 years ago
><img src="http://localhost:xxxxx/launch?action=join&confno=492468757"/...
So a browser allows a random remote website access to stuff running on the localhost interface? Is this a good idea? Stuff like camera access I can at least disable...
Yep. This[0] post[1] from a few months ago touched on this with more discussion.
[0] https://news.ycombinator.com/item?id=20028108
The browsers allows anything according to the CORS configuration on the target website. Perhaps it would be a good idea to prompt for access to localhost/127.* resources.