Would building CSRF + CORS into local apps solve the security issues addressed b... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

harlanji on July 3, 2023 | parent | context | favorite | on: Localhost Resource Permission

Would building CSRF + CORS into local apps solve the security issues addressed by this?

I have a handful of personal apps that I run locally and have started thinking about this concern as I prepare them for commercial distribution. I've been thinking about that + OAuth to grant access where we actually want to integrate with 3rd party apps, eg. via browser extension content scripts.

marcosdumay on July 3, 2023 [–]

Strong authentication for local applications solves the issue. But it must be done for all local applications, what is really unlikely to be the case.

But that site is blatantly wrong about Firefox, so I don't trust its facts about the other browsers either.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact