[rainforest]

Thanks, for the benefit of others the risk is that the devtools port has no Auth so is vulnerable to XSS.

I would surmise that this will stop being a problem if you switch to using a unix socket for the CDP.