Web-Facing Change PSA: Permission policies for Direct Sockets API in Isolated Web Apps
Bhaskar Sharma
The "direct-sockets-private" blanket permission policy in Isolated Web Apps is being replaced by the more granular "local-network" and "loopback-network" permission policies.
Connecting via TCP direct sockets or UDP direct sockets in connected mode will now require specific permission policies based on the target address space:
- Connecting to addresses within the local network address space requires the "local-network" permission policy.
- Connecting to addresses within the loopback network address space requires the "loopback-network" permission policy.
For UDP direct sockets in bound mode, the requirements are more stringent: both the "local-network" and "loopback-network" permission policies are required regardless of the specific address being utilized.
Blink component
Risks
Interoperability and Compatibility
Gecko & WebKit: No signal. Direct Sockets are only available on Isolated Web Apps which are only available on ChromeOS.
Web developers: Update "direct-sockets-private" permission policy with the relevant "local-network" and "loopback-network" permission policies in Isolated Web Apps Manifests.
No information provided
No. Only ChromeOS.
| Shipping on ChromeOS | 151 |
Link to entry on the Chrome Platform Status |
Mike Taylor
On 6/10/26 6:51 a.m., 'Bhaskar Sharma' via blink-dev wrote:
Contact emails
Specification
SummaryThe
"direct-sockets-private"blanket permission policy in Isolated Web Apps is being replaced by the more granular "local-network" and "loopback-network" permission policies.Connecting via TCP direct sockets or UDP direct sockets in connected mode will now require specific permission policies based on the target address space:
- Connecting to addresses within the local network address space requires the "local-network" permission policy.
- Connecting to addresses within the loopback network address space requires the "loopback-network" permission policy.
For UDP direct sockets in bound mode, the requirements are more stringent: both the "local-network" and "loopback-network" permission policies are required regardless of the specific address being utilized.Blink component
Risks
Interoperability and Compatibility
Gecko & WebKit: No signal. Direct Sockets are only available on Isolated Web Apps which are only available on ChromeOS.
Web developers: Update "direct-sockets-private" permission policy with the relevant "local-network" and "loopback-network" permission policies in Isolated Web Apps Manifests.
DebuggabilityNo information provided
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?No. Only ChromeOS.
Estimated milestones
Shipping on ChromeOS 151
Link to entry on the Chrome Platform Status
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABiY0qtzqY3Y149uQKVb6e1NS0_97txJyd2Q%3DiuAeWseSBN7nA%40mail.gmail.com.