|
|
|
|
|
|
by vbezhenar
62 days ago
|
|
|
Nothing wrong about running http server on your localhost and talk to it. A lot of applications do that. The best thing: you don't need to appease extension appstores, you just ship. The only nuance is that recent chrome versions treat it as a separate permission, so user need to allow it once. Yes, native messaging is the "proper" way to do that, but, again, nothing wrong with localhost http server. You have origin headers so you can allow access from your whitelisted website, if necessary. |
|
|
You only have origin headers that you can trust if the traffic originated from a browser you trust.
Anything else on the machine that can send network traffic can now hook into your service. Which is quite a bit looser than being able to start a new process running that native message host and hook into its stdio.