
As far as I understand it, it is supposed to be a scan done by the browser on the user's computer, not an external scan, which a browser extension wouldn't be able to detect.


Hopefully should soon be a thing of the past with https://developer.chrome.com/blog/local-network-access


I see. So the website would try to access private IP addresses (RFC 1918) by having elements like <iframe src="http://10.0.0.1"> in the web site and then the web site would check if the iframe was loaded successfully?


It could also just try making the request with javascript. Or try a websocket connection.
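An added example, not part of any comment in this thread: a defender-side check that takes the request URLs recorded for a page (for instance from a devtools network export) and flags the ones aimed at RFC 1918 addresses, whether they came from an iframe, a script request or a WebSocket. The function names and sample URLs are constructed for illustration, and treating loopback as local is an assumption beyond what the comments mention.

```javascript
// RFC 1918 private ranges plus loopback (an addition here), as [base, prefix length].
const LOCAL_RANGES = [
  ["10.0.0.0", 8],
  ["172.16.0.0", 12],
  ["192.168.0.0", 16],
  ["127.0.0.0", 8],
];

// Convert a dotted-quad string to an integer, or null if it is not a literal IPv4 address.
function ipv4ToInt(dotted) {
  const parts = dotted.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    value = value * 256 + Number(p);
  }
  return value;
}

// True when the URL's host is a literal private or loopback address.
// The URL parser normalises forms such as 0x0a.0.0.1 to 10.0.0.1 for http(s) and ws(s),
// so alternate spellings of the same address are caught as well.
function isLocalTarget(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return false; }
  if (!["http:", "https:", "ws:", "wss:"].includes(url.protocol)) return false;
  if (url.hostname === "localhost") return true;
  const addr = ipv4ToInt(url.hostname);
  if (addr === null) return false;
  return LOCAL_RANGES.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(addr / size) === Math.floor(ipv4ToInt(base) / size);
  });
}

// Flag requests that cross from a public page to a local address.
// A page that is itself served from a local address is not reported.
function flagLocalRequests(pageOrigin, requestUrls) {
  if (isLocalTarget(pageOrigin)) return [];
  return requestUrls.filter(isLocalTarget);
}

// Constructed sample: requests observed while loading one public page.
const SAMPLE_REQUESTS = [
  "https://example.com/app.js",
  "http://10.0.0.1/",
  "ws://192.168.1.1:8080/",
  "http://172.15.255.255/",   // just below 172.16.0.0/12, so public
  "http://0x0a.0.0.1/favicon.ico",
];
console.log(flagLocalRequests("https://example.com", SAMPLE_REQUESTS));
```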



