|
|
|
|
|
|
by nojvek
2540 days ago
|
|
|
This isn't a local network issue though, this is a cross origin issue that Browsers definitely need to patch. A script from the internet should not be allowed to interface with a script from local network (localhost, local intranet e.t.c) The browser should have strict sandboxes. This is like when you load a site over https, browsers scream at you if you load a http resource saying it's insecure. |
|
|
You can have multiple IPs for a domain name, so if I set "hack.tlb.org" to include both a server I control and 192.168.1.1, I can repeatedly do fetches from "hack.tlb.org" until one of them gets your router instead of my server. And they're in the "same origin" for CORS purposes.