Comment by mdaniel

Comment by mdaniel 2 days ago

0 replies

View on Hacker News

> Doesn't seem like a good idea for extensions to be accessing local resources though.

To the best of my knowledge all localhost connections are exempt from CORS and that's in fact how the 1Password extension communicates with the desktop app. I'd bet Bitwarden and KeePassXC behave similarly