https://news.ycombinator.com/item?id=47829800 (125 upvotes, 34 comments)
I've been hacking away at a browser-based tool that uses anthropic APIs on the backend. But what I really want is for the browser to talk to my local claude becuase I have MCPs, skills, network access for a bunch of things.
I started with a little proxy installed on my computer that the browser can call but knew it would never pass any security review. The alternative I didn't originally know about was Native Messaging.
It's a fairly benign way to let a browser talk to and execute commands on your computer. But doing it without disclosing is, I agree, very bad.
(tool I'm hacking away at needs to talk to local claude and acli: https://withlattice.com)
It turns it into a websocket endpoint you can just connect to (iirc it's what the Python SDK does under the hood).
detail: https://medium.com/coding-nexus/i-found-a-hidden-flag-in-cla...
Listening for commands to run seems similarly dangerous as having a proxy installed!
The only nuance is that recent chrome versions treat it as a separate permission, so user need to allow it once.
Yes, native messaging is the "proper" way to do that, but, again, nothing wrong with localhost http server. You have origin headers so you can allow access from your whitelisted website, if necessary.
You only have origin headers that you can trust if the traffic originated from a browser you trust.
Anything else on the machine that can send network traffic can now hook into your service. Which is quite a bit looser than being able to start a new process running that native message host and hook into its stdio.
This is how native messaging works in extensions. Apps declare via manifest that extensions can talk to them.
Further - the user still has to install the extension in the browser and the user has to approve the permissions popup that explicitly states the extension will have permission to "Communicate with cooperating native applications." See: https://developer.chrome.com/docs/extensions/reference/permi...
So it's hardly undisclosed. Every user with the extension has accepted this permissions popup that communicates that this is happening and allowed.
(whether permissions prompts like this are actually helpful is a different topic).
Is it an easy cleanup? Sure. But I shouldn't be seeing support folders for apps I have never installed on my machine, ever.
I've been using Edge for a couple years now. I used to laugh at the idea of using Internet Explorer I mean Edge but it's actually pretty good and quite performant.
Same Chromium rendering engine (e.g. as opposed to using Firefox or Safari, which I'd prefer but especially for frontend development testing against Chromium is ideal given their market share) and same keyboard shortcuts as Chrome so was an easy transition.