This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block localhost access by default in private windows.

user58384
Strollin' around
โ€Ž12-12-2023 11:35 PM
Status: New idea

Some websites connect to localhost to communicate with local applications. For example, clicking on a Discord invite link in a web browser will open a web page that connects to a WebSocket on localhost port 6463 to communicate with the Discord desktop application to "beam" the invite to be handled by the application.

In my opinion, it is counterintuitive that such connections are allowed by default in private windows. I'm not sure if there is a setting to disable them (I did not find any by a cursory search through the settings). Personally, I would prefer if such connections were disallowed by default even in normal windows, with an option to allow them individually, like happens for pop-up windows.

See more ideas labeled with:
Comment
4 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
โ€Ž12-13-2023 05:20 AM
โ€Ž12-13-2023 05:20 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

brixter
Making moves
โ€Ž12-13-2023 06:51 PM
โ€Ž12-13-2023 06:51 PM

I disagree. A user may himself use localhost for specific reasons. I don't think Firefox should block localhost globally since some users may want to use it.

pulse
Strollin' around
โ€Ž12-13-2023 09:47 PM
โ€Ž12-13-2023 09:47 PM

This is an important privacy and security measure to prevent websites from accessing resources on my intranet. I'm using the "Block Outsider Intrusion into LAN" filter (from the "Privacy" section) in uBlock Origin to block localhost access, but this should be built into Firefox as an option without needing an extension. (An option, not a requirement.)

g_g
New member
โ€Ž04-26-2025 03:51 PM
โ€Ž04-26-2025 03:51 PM

I agree this being a privacy and security concern. The user doesn't mean to block Firefox from loading localhost, but to prevent Firefox in private tabs from letting websites communicate or open websockets to localhost. Out of origin communication to localhost should pe permission based, like when Firefox asks the user on whether it is allowed to open a desktop app. In other words: malicious.com sniffing all localhost ports is totally not okay.

Copyright ยฉ 2025 Khoros, LLC
Top