I can see your local web servers

(http.jameshfisher.com)
652 points jamesfisher | 2 comments
shakna ◴[] No.20028346[source]
I can see the list of XHR requests made, and I have half a dozen local web servers running, and there are a bunch of other web servers running on my network. I have a bad habit of spinning up a server on an ESP32 whenever I want to remote control something physical.

... Strangely, despite the XHRs hitting ports and IPs I know are running unsecured web servers, the site sees nothing. Lots of "unreachable".

Firefox 67.0, Arch Linux (5.0.10).

replies(1): >>20028445 #
sepbot ◴[] No.20028445[source]
The requests should fail unless the servers you are running allow CORS as per the headers.
replies(1): >>20028451 #
shakna ◴[] No.20028451[source]
There's half a dozen that are.
replies(1): >>20028600 #
ypkuby ◴[] No.20028600{3}[source]
Do you have any locked down policy on them though? I assume this would only work if you gave blanket access.

I noticed in my tests it found one on port 3000 with blanket access, but didn't see one on port 9999 with restricted access (policy => allow from *.mydomains)

replies(1): >>20028709 #
1. shakna ◴[] No.20028709{4}[source]
Yes. I'm terrible and have them set to allow all domains, and all methods.
replies(1): >>20029163 #
2. dillonmckay ◴[] No.20029163[source]
Maybe your browsers are up-to-date?
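
Added example, not part of the thread: a small model of the CORS check discussed above, showing why a server with a blanket policy is readable from any page while one restricted to a domain suffix is not. The policy format, the function names, and the origins (`mydomains.test`, `unrelated.example`) are assumptions constructed for illustration; the ports mirror the ones mentioned in the comment.

```javascript
// Models a simple cross-origin GET: the server picks an
// Access-Control-Allow-Origin (ACAO) value, then the browser decides
// whether script on the requesting page may read the response.

// Server side. policy.allow holds "*" (blanket), an exact host, or "*.suffix".
function serverAllowOrigin(policy, requestOrigin) {
  if (policy.allow.includes("*")) return "*";
  let host;
  try { host = new URL(requestOrigin).hostname; } catch { return null; }
  for (const pattern of policy.allow) {
    // "*.example.test" -> ".example.test"; the leading dot stops "evilexample.test"
    const suffix = pattern.startsWith("*.") ? pattern.slice(1) : null;
    if (suffix ? host.endsWith(suffix) : host === pattern) {
      // The header has no wildcard-subdomain syntax, so echo the exact origin.
      return requestOrigin;
    }
  }
  return null; // no ACAO header is sent
}

// Browser side. headers uses lowercase names.
function browserAllowsRead(pageOrigin, headers, withCredentials = false) {
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined || acao === null) return false;
  if (acao === "*") return !withCredentials; // "*" is rejected for credentialed requests
  if (acao !== pageOrigin) return false;     // must match the page origin exactly
  return !withCredentials || headers["access-control-allow-credentials"] === "true";
}

// Report which servers a page on pageOrigin could read responses from.
function audit(servers, pageOrigin) {
  return servers.map((s) => {
    const acao = serverAllowOrigin(s.policy, pageOrigin);
    const headers = acao === null ? {} : { "access-control-allow-origin": acao };
    return { port: s.port, readable: browserAllowsRead(pageOrigin, headers) };
  });
}

// Constructed sample: one blanket server, one restricted to a domain suffix.
const servers = [
  { port: 3000, policy: { allow: ["*"] } },
  { port: 9999, policy: { allow: ["*.mydomains.test"] } },
];

console.log(audit(servers, "https://unrelated.example"));
console.log(audit(servers, "https://app.mydomains.test"));
```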