ansaurus

Question

Access to 127.0.0.1 by default in Opera 10?

Answer 1

+6 A:

Since this is a security feature it's not supposed to be possible to circumvent it from web content - otherwise it would be no point in having that feature in the first place. What's your use case?

hallvors 2009-12-06 19:37:30

I have an iFrame that's what to render some data obtained from 127.0.0.1Every other browser allows it - not sure why Opera wont.

psychotik 2009-12-07 06:12:36

Perhaps because Opera is more secure (or trying to be so) :). The cross-network limitations are in fact developed as a response to the security threat called "pharming" where malicious sites might reconfigure your router or intranet services. It may not yet be flexible enough configuration-wise, but it's certainly safer than browsers used to be.Do you see a cross-network access error page? You might try writing a User JavaScript that is limited to 127.0.0.1, detects the network error page and clicks the "Continue" link..

hallvors 2009-12-07 12:19:57

This is a silly security feature for a browser. Preventing pharming is the OS's responsibility, by sandboxing browsers. Browsers artificially preventing websites from doing legitimate operations in the name of security is a sham. It is 100% legit to expect a webserver running on a user's machine to be able to serve content. I'm not talking about some silly XSS thing here - this is in an iframe which is already sandboxed from the rest of the website.

psychotik 2009-12-29 23:29:09

How on earth could the *OS* prevent pharming?

Nicolás 2009-12-30 00:39:23

Nicolas - pharming involves messing your hosts file or reconfiguring your router. By preventing non privileged processes from accessing the hosts file, the OS can help with the former (i.e. sandboxing). Strong router admin password and good router firmware (not susceptible to CSRF, for instance) implementation prevents the second.

psychotik 2009-12-30 02:02:25

Of course in a better world we'd have routers with strong passwords and proper CSRF-protection measures. Trying to solve this problem in the browser IS hackish and has drawbacks - but we don't live in an ideal world and as browser developers we want to protect our users from web-based threats.

hallvors 2009-12-30 23:52:31

Answer 2

+1 A:

I'm assuming that you are installing some kind of software on your clients' machines -- otherwise, how can you be certain that there is a webserver at 127.0.0.1? If so, @Autocracy's comment to the question applies: find where the "Trusted Sites" settings are stored, and modify it during the installation.

Alex Lyman 2009-12-30 00:33:46

Yes. And yea, I like Autocracy's suggestion too. At first glance, it looks like Opera stores this info in a binary file. There is a ini file called override.ini which looks promising although it isn't directly edited by changing the trusted site list. This workaround is butt-ugly though... time to not support Opera, methinks!

psychotik 2009-12-30 02:05:27

Answer 3

+3 A:

File location in Windows: $USER_FOLDER/Application Data/Opera/Opera/

Ensure opera is closed, append, enjoy.

$ cat trusted_repositories.ini                                                                                      ï»¿
Opera Preferences version 2.1
; Do not edit this file while Opera is running
; This file is stored in UTF-8 encoding

[whitelist]
http://widgets.opera.com
https://widgets.opera.com
http://unite.opera.com
https://unite.opera.com

Autocracy 2009-12-30 18:15:43

Answer 4

A:

I am not sure what you are accessing on localhost/127.0.0.1?

Are request browser for a direct file system access? Or is your server running on localhost.

I just tested (on Linux), if your server is bound to 127.0.0.1 interface, opera is allowing the access.

chinmaya 2009-12-30 19:16:40

ansaurus

tags:

views:

answers:

Access to 127.0.0.1 by default in Opera 10?

related questions