Chromestatus
unread,Sep 4, 2025, 3:23:23 PM (9 hours ago) Sep 4Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to blin...@chromium.org, cth...@chromium.org, dad...@google.com, jdeb...@chromium.org, hc...@chromium.org
Contact emails
hc...@chromium.org
Explainer
https://github.com/WICG/local-network-access/blob/main/explainer.md#websockets
Specification
None
Summary
Restricts the ability to make requests to the user's local network using WebRTC, gated behind a permission prompt.
A local network request is any request from a public website to a local IP address or loopback, or from a local website (e.g. intranet) to loopback. Gating the ability for websites to perform these requests behind a permission reduces the ability of sites to use these requests to fingerprint the user's local network.
This permission is restricted to secure contexts.
This work is adding to the Local Network Access Restrictions work here: https://chromestatus.com/feature/5152728072060928
Blink component
Blink>SecurityFeature>LocalNetworkAccess
Motivation
Local WebSockets connections are subject to many of the same attacks that the original LNA proposal are designed to solve.
This would add the same controls that were implemented in the original LNA proposal to WebSockets
Initial public proposal
None
TAG review
None
TAG review status
Pending
Risks
Interoperability and Compatibility
None
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs,
such that it has potentially high risk for Android WebView-based
applications?
None
Debuggability
None
No
Flag name on about://flags
None
Finch feature name
LocalNetworkAccessChecksWebSockets
Requires code in //chrome?
False
Tracking bug
https://crbug.com/421156866
Estimated milestones
No milestones specified
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5197681148428288?gate=5182539509661696