This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block localhost access by default in private windows.

user58384
Strollin' around
‎12-12-2023 11:35 PM
Status: New idea

Some websites connect to localhost to communicate with local applications. For example, clicking on a Discord invite link in a web browser will open a web page that connects to a WebSocket on localhost port 6463 to communicate with the Discord desktop application to "beam" the invite to be handled by the application.

In my opinion, it is counterintuitive that such connections are allowed by default in private windows. I'm not sure if there is a setting to disable them (I did not find any by a cursory search through the settings). Personally, I would prefer if such connections were disallowed by default even in normal windows, with an option to allow them individually, like happens for pop-up windows.

See more ideas labeled with:
Comment
3 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎12-13-2023 05:20 AM
‎12-13-2023 05:20 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

brixter
Making moves
‎12-13-2023 06:51 PM
‎12-13-2023 06:51 PM

I disagree. A user may himself use localhost for specific reasons. I don't think Firefox should block localhost globally since some users may want to use it.

pulse
Strollin' around
‎12-13-2023 09:47 PM
‎12-13-2023 09:47 PM

This is an important privacy and security measure to prevent websites from accessing resources on my intranet. I'm using the "Block Outsider Intrusion into LAN" filter (from the "Privacy" section) in uBlock Origin to block localhost access, but this should be built into Firefox as an option without needing an extension. (An option, not a requirement.)

Copyright © 2024 Khoros, LLC