[Greasemonkey] GM_xmlhttpRequest and localhost

Mark Pilgrim pilgrim at gmail.com
Tue Jul 19 15:52:39 EDT 2005


On 7/19/05, Jun Yang <jyang825 at gmail.com> wrote:
> I think the access to http://localhost is important for many wonderful
> possibilities.  However, security concerns are also real.  Can we please do
> this?  Some configuration is provided for user to allow only GM scripts from
> certain sites to access http://localhost?

Please disable all access by default, then provide options to allow
access to localhost (and 127.0.0.1!).  Such access is only useful for
script developers, who can enable it if they need it.

Even better, don't provide a GUI option for it, just put it in
about:config (no access by default) and publish documentation on how
script developers can change it.  I can't see any legitimate need to
bother end users with this.

-- 
Cheers,
-Mark
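
A sketch of the default-deny check proposed in this message, added here as an example; it is not part of the original post and is not Greasemonkey's code. The preference name `greasemonkey.allowLoopback` and the function names are hypothetical.

```javascript
// Added illustration; not Greasemonkey code.
// Hypothetical about:config key; absent or anything but `true` means "no access".
const ALLOW_PREF = "greasemonkey.allowLoopback";

// True when a hostname, as returned by URL.hostname, names the loopback interface.
function isLoopbackHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // "localhost." == "localhost"
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  // The URL parser has already canonicalised spellings such as 127.1,
  // 0x7f000001 and 2130706433 to dotted-quad form, so this covers 127.0.0.0/8.
  if (/^127\.\d+\.\d+\.\d+$/.test(host)) return true;
  if (host === "[::1]") return true;
  // IPv4-mapped IPv6 form of 127.0.0.0/8, e.g. [::ffff:7f00:1]
  if (/^\[::ffff:7f[0-9a-f]{2}:[0-9a-f]{1,4}\]$/.test(host)) return true;
  return false;
}

// Decide whether a script's request may go out. Loopback targets are refused
// unless the developer has explicitly set the preference to true.
// Caveat: this is a name/literal check only. A public DNS name that resolves
// to 127.0.0.1 passes it, so a full implementation would also have to check
// the resolved address.
function allowRequest(rawUrl, prefs = {}) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return false; // unparseable target: fail closed
  }
  if (!isLoopbackHost(url.hostname)) return true;
  return prefs[ALLOW_PREF] === true;
}

// Constructed sample targets, checked with the preference unset (the default).
const samples = [
  "http://localhost:8080/admin",
  "http://127.0.0.1/",
  "http://2130706433/",
  "http://[::1]/",
  "http://example.com/",
];
for (const s of samples) {
  console.log(s, "->", allowRequest(s) ? "allow" : "deny");
}
```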

