One of the improvements will introduce the localhost permission prompt for all requests made to localhost resources. The company explains that it made the deliberate decision to limit permission prompts, as it believes that the number if illegitimate prompts outweighs legitimate access significantly.īrave plans to improve the feature in the future. Brave maintains a list of trusted sites, accessible here, that will trigger a prompt when they are accessed for the first time.Sites do not have the permission by default and most sites won't display a prompt when they try to access localhost resources. Sites with the localhost permission set to allow may "make sub-resource requests to localhost resources". The new Localhost permission gives users control over access.Brave's existing protections against malicious scans of localhost resources and other abuses of localhost resources continue to block these connection attempts. Localhost access from localhost contexts are always allowed by default.Most sites that try to access localhost resources won't trigger the prompt, but users may allow access using the permissions system.īrave Browser uses the following logic regarding localhost access when the change is introduced: Brave 1.54: localhost protectionsīrave Software plans to introduce a change in Brave Browser 1.54 that uses the browser's permission system to give users control over access to localhost resources.įirst visit to Intel's driver & support assistant website, for instance, will trigger the prompt and users may allow or decline access using it. The number of services that access localhost for legitimate purposes is relatively small. Brave Software lists banks, security software, crypto wallets and some hardware devices as other examples of services that make use of localhost connections. Legitimate web applications, like Intel's driver assistant, use localhost resources for functionality. Historically, browsers have always allowed access to localhost resources. The feature, which is not limited by most browsers, may also be abused by malicious or shady sites, for instance as a data source for fingerprinting tracking. Some popular sites and services, Intel's Driver Assistance check comes to mind, require access to localhost resources to work.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |