← Back to context

Comment by lordofgibbons

4 days ago

How and why do browsers allow this? Why wouldn't the browser ask for permission in the same way that it does for Microphone access?

It's insane to allow any random website to port scan my LAN. If this wasn't a "feature", I would have considered this a high severity vulnerability

7 comments

lordofgibbons

Reply
JJJollyjim  4 days ago

Chrome doesn't allow it - local network services have to opt-in to being fetchable from public sites (https://github.com/WICG/private-network-access), although they're replacing it with a user-permission-based approach (https://github.com/WICG/local-network-access).

(There is some language online suggesting PNA has not actually shipped, but I experienced it myself in stable Chrome several years ago, so I am unsure of the current state).

Firefox doesn't implement either approach -- I assume this is indicative of their lack of development resources.

  • adithyassekhar  4 days ago

    > Firefox doesn't implement either approach -- I assume this is indicative of their lack of development resources.

    Since ublock had this as a feature for a long time, I'm sure they are aware of it. Unlike other non funded oss projects, Firefox can't and shouldn't shield themselves with this lack of development resource excuse. They have millions.

    • johncolanduoni  4 days ago

      A trillion dollar company (that loves huge vanity projects) gave up on maintaining a browser because it was too much work and just ship a Chrome fork now. I won’t defend Mozilla’s allocation of their resources, but even if they put it all into the “right” Firefox features the web platform is too complex and too much of a moving target for a company with mere centi-million revenues.

      3 replies →