Safe Launcher Security

Thanks for explaining. That makes a lot of sense and sounds like an excellent approach. I think the Launcher/Team should encourage/enforce the usage of that endpoint (rather than ‘localhost’) more. In accordance with

Maybe only responding to API-Requests with a CORS-Header only on that endpoint and only if the request originated from a *.safenet-domain, and blocking/responding with 401 for all other Browser-Based requests (looking at the Referrer and Origin-headers), would already prevent the other-website-scooping-problem mentioned earlier, but still allow local apps and within-session-web-apps to run. Actually, if you’d accept a PR for this on the launcher, I’d be happy to implement it!

I know there is a strong sentiment for having control over everything, especially the browser. However, asking the user to install a different browser and disrupting their behaviors and patterns like that comes with a cost. The Tor browser simply isn’t as comfortable as Firefox or Chrome – and neither will this fork be. Or simply put: most people won’t do it. Installing a browser plugin or extension however (one that allows access to safenet-urls, implements the API endpoint and blocks all clearnet-traffic for those websites hosted from safenet) is much easier to do (see the rise of adblockers) and less invasive.

Asking a normal person to switch the browser or having to switch on a red-flagged-don’t-switch-this-on-feature in the app just to surf that web – and then not even be fully protected – is sketchy. I’d rather drop the proxy as it exists in that case and focus on a way – aside from having to install a special browser – to allow good-defaults-on surfing on that web.

3 Likes
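
The header check proposed in the post above, sketched as an added example (not the launcher's own code and not the poster's PR). It assumes SAFE-hosted sites share the `.safenet` host suffix and that a request carrying neither header comes from a local non-browser app; `decide`, `hostOf` and `isSafenetHost` are hypothetical names.

```javascript
// Assumption: SAFE-hosted sites are served from hosts ending in ".safenet".
const ALLOWED_SUFFIX = ".safenet";

// Hostname of an Origin/Referer value, or null when it is not an http(s) URL.
// The literal origin "null" (sandboxed frames, file://) fails to parse and is rejected.
function hostOf(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Compare the parsed hostname on a label boundary. A substring or regex test on the
// raw header would also accept "blog.safenet.example.com" or "x.safenet@example.com".
function isSafenetHost(host) {
  return host !== null &&
    host.endsWith(ALLOWED_SUFFIX) &&
    host.length > ALLOWED_SUFFIX.length;
}

// headers: object keyed by lower-cased header name, as Node's http module provides.
// Returns the status and the CORS response headers the API should send.
function decide(headers) {
  const origin = headers["origin"];
  const referer = headers["referer"];
  const present = [origin, referer].filter((v) => v !== undefined);

  // Neither header: treated as a local, non-browser client. No CORS header is
  // sent, so a browser page still could not read the response.
  if (present.length === 0) return { status: 200, headers: {} };

  // Every header the browser did send must point at a safenet host.
  if (!present.every((v) => isSafenetHost(hostOf(v)))) {
    return { status: 401, headers: {} };
  }

  // Echo the exact origin rather than "*", and vary caches on it.
  const out = { Vary: "Origin" };
  if (origin !== undefined) out["Access-Control-Allow-Origin"] = origin;
  return { status: 200, headers: out };
}
```

Origin and Referer are only meaningful when a browser sets them, so this check constrains web pages and not a local process, which can send any header values it likes.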