
Gaping Security Hole

Posted Apr 21, 2026 20:16 UTC (Tue) by iabervon (subscriber, #722)
In reply to: Gaping Security Hole by zwol
Parent article: Firefox 150 released

The other case I know of is allowing local applications to authenticate to remote services by going through browser-based authentication to get the necessary token. The local application presents an HTTP interface on localhost in order to interact with the browser, and it and the authentication site do the appropriate non-same-site handoffs, but that means the authentication site has to redirect back to the local application's HTTP interface.

It seems likely to me that the local application (as well as things like printers) ought to be able to tell the browser when linking to a remote site that the particular remote site ought to be permitted to link back.



Gaping Security Hole

Posted Apr 21, 2026 21:37 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)

Pretty much all these kinds of flows now use polling. The CLI application just polls the server periodically (or uses long polling, or HTTP2 events, or whatever) instead of waiting for the browser's local callback.
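The polling approach described in the comment above, as an added example that is not part of the thread: a client-side polling loop modelled on the OAuth 2.0 Device Authorization Grant (RFC 8628), which is an assumption since the comment names no specific protocol. The `post_token` transport, the fake server and all token values are hypothetical and constructed; the point is that the CLI opens no localhost listener, so there is nothing for a remote site to redirect back to.

```python
import time

# Grant type and error codes below are the ones defined in RFC 8628.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"


class DeviceFlowError(Exception):
    """Raised when the authorization is denied, expires, or is malformed."""


def poll_for_token(post_token, device_code, interval=5, expires_in=600,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until the user finishes in the browser.

    post_token(form) -> dict is a hypothetical transport callable that
    POSTs the form to the token endpoint and returns the decoded JSON body.
    """
    deadline = clock() + expires_in
    while clock() < deadline:
        sleep(interval)  # wait first: the user needs time to log in
        body = post_token({"grant_type": GRANT_TYPE,
                           "device_code": device_code})
        if "access_token" in body:
            return body
        error = body.get("error")
        if error == "authorization_pending":
            continue  # user has not approved yet, keep polling
        if error == "slow_down":
            interval += 5  # server asked for a longer interval, keep it
            continue
        # access_denied, expired_token or anything unexpected: stop polling
        raise DeviceFlowError(error or "malformed response")
    raise DeviceFlowError("expired_token")


def make_fake_server(responses):
    """Constructed stand-in for the token endpoint, so the loop runs offline."""
    queue = iter(responses)
    seen = []

    def post_token(form):
        seen.append(form)
        return next(queue)

    return post_token, seen
```

Injecting `sleep` and `clock` lets the back-off behaviour be checked without real delays; a real client would also bind the returned token to the session that started the request.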

