
Am I missing something? It's my understanding that Chromium-based browsers also allow listening to requests same as before, they merely aren't allowed to block them anymore.



Once again, shouldn't that be controlled by the browser? The user's browser is making the request, not the website.

Yeah, says Forbidden in Firefox or curl but loads in Chromium - welcome to the open web of browser interoperability etc etc where servers now just decide your user agent or TLS handshake or whatever is fishy.

Won't modern browsers block this anyway?

It can ask the user explicitly like it asks for microphone. It is not as common for a web page to need access to the local network services as it is to record microphone or request location data. So it's the browser's fault IMO.

Browsers have weird behaviors on localhost, such as allowing webcam and microphone on HTTP and, IIRC, permitting cross-origin resource access which is blocked on less trusted domains.

I can understand blocking IE users, but I don't understand why Chrome or other modern browsers should be blocked with no explanation.

It's their browser, they can do whatever they want.

It isn't on by default for backward compatibility.

That's the point I'm questioning - I think browsers should block by default and only allow things that are specifically allowed by the CSP (or by CORS).


In the age of open source browsers that's only an excuse if they're being blocked from contributing an API.

The browser's requests are your requests.

Not just browsers. (Other) Native apps have the same problem. For some reason we have elaborate permissions for all sorts of things but nothing remotely user friendly for various kinds of network activity.

Ok, but why is this up to the browser? If it was any other app, how can users be protected? Shouldn't this be enforced by the hardware ideally?

Yes, but the site working provides absolutely no reason to actively block it. Display an 'upgrade your browser' message fine, but actively block a certain browser based on user agent string? Ridiculous.

In other words it simulates browsing the Grooveshark website, instead of using their public API. I think it's this that they are upset about, but it makes little sense because if people can see something on their browser then that user should just as well be allowed to see it through a script.

Why exactly can't browsers provide this functionality themselves? Is this prohibited by some questionably-well-meaning-but-nonetheless-harmful law?

What's an unauthorized device? If I fork Chromium and make my own browser what makes it authorized or unauthorized? If I make a curl request from my terminal is that authorized or unauthorized?

If FB blocked any requests from Firefox Focus they'd likely be in hot water from government agencies.

Do they have the right to block any other app?


That's not a problem of browsers having difficulty determining if they're talking to something on a local network or not, just because you're in a local network doesn't mean you can't be victim of a MiTM.

Will browsers prompt (like mic and video) for permission before opening P2P traffic? I'm afraid random sites could behind my back make my machine (via NAT traversal if needed) participate in illegal torrenting. It's the legal world we live in, and while I welcome the new browser abstractions, this must be behind a permission popup and provide a way to permanently disable without building a custom browser. What's the status on that?

So why block them? Why not a message: "This site probably doesn't work in Opera, but feel free to try."?