https://github.com/WICG/local-network-access/blob/main/explainer.md
https://wicg.github.io/local-network-access/#secure-context-restriction
Local Network Access: Allow Potentially Trustworthy Same-Origin Fetches
Private Network Access: Preflight requests for subresources
Allow same-origin local network fetches to potentially-trustworthy origins and do not send preflights for them. We currently send preflights before all local network requests, but ignore the results, as proposed in Intent to Ship: Private Network Access preflight requests for subresources.
This change reduces the compatibility risk of enforcing preflight results on private network requests as we now send fewer preflights for private network requests, so it’s less likely to break websites.
Gecko: No signal about this specific change.
WebKit: No signal about this specific change.
Web developers: No signal about this specific change, but they should be happy since this reduces compatibility risks.
Other signals:
None.
We plan to ship this change directly to M114 as this relaxes the previous restrictions.
This change is limited to potentially trustworthy origins. Proof of certificate protects users from DNS rebinding.
There’s no plan to ship Local Network Access on WebView.
Relevant information (client and resource IP address space) is already piped into the DevTools network panel. Deprecation warnings and errors will be surfaced in the DevTools issues panel explaining the problem when it arises.
Not on Android WebView given previous difficulty in supporting PNA changes due to the lack of support for deprecation trials. Support for WebView will be considered separately.
LocalNetworkAccessAllowPotentiallyTrustworthySameOrigin
Only for metric logging
DevTrial on desktop | 114 |
DevTrial on Android | 114 |
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
Sorry for the confusion about the spec name. We've recently changed our stance https://github.com/WICG/local-network-access/issues/91#issuecomment-1494704528 and the spec name is still unsettled until we hear back from other browser vendors. Both Private Network Access and Local Network Access mean the same thing for now.On Wed, Apr 5, 2023, 12:22 Jonathan Hao <ph...@chromium.org> wrote:Note that Private Network Access is in the process of being renamed to Local Network Access, so you may see inconsistent names for the time being.
Explainer
https://github.com/WICG/local-network-access/blob/main/explainer.md
Specification
https://wicg.github.io/local-network-access/#secure-context-restriction
Design docs
Local Network Access: Allow Potentially Trustworthy Same-Origin Fetches
Private Network Access: Preflight requests for subresources
Summary
Allow same-origin local network fetches to potentially-trustworthy origins and do not send preflights for them. We currently send preflights before all local network requests, but ignore the results, as proposed in Intent to Ship: Private Network Access preflight requests for subresources.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABsQ2jGAcTV4CUKKwsYYfnQRiQ_W6KK9L4OQ5uNHNGn3WMhZ5Q%40mail.gmail.com.
On Wed, Apr 5, 2023 at 2:02 PM Jonathan Hao <ph...@chromium.org> wrote:Sorry for the confusion about the spec name. We've recently changed our stance https://github.com/WICG/local-network-access/issues/91#issuecomment-1494704528 and the spec name is still unsettled until we hear back from other browser vendors. Both Private Network Access and Local Network Access mean the same thing for now.On Wed, Apr 5, 2023, 12:22 Jonathan Hao <ph...@chromium.org> wrote:Note that Private Network Access is in the process of being renamed to Local Network Access, so you may see inconsistent names for the time being.
Explainer
https://github.com/WICG/local-network-access/blob/main/explainer.md
Specification
https://wicg.github.io/local-network-access/#secure-context-restriction
Design docs
Local Network Access: Allow Potentially Trustworthy Same-Origin Fetches
Private Network Access: Preflight requests for subresources
Summary
Allow same-origin local network fetches to potentially-trustworthy origins and do not send preflights for them. We currently send preflights before all local network requests, but ignore the results, as proposed in Intent to Ship: Private Network Access preflight requests for subresources.
Can you expand on this change? Would this result in not sending preflights IFF their origin is the same as the document's origin?
Would this also work for embedded documents? (resulting in a single preflight for the document's resource, but not subresource)Or would it be restricted to cases where the user explicitly went to a local network top-level document? (Or something else entirely, and I misunderstood)
LGTM2 (sorry for the delay, it seems this fell out of our review
queue).
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiPLfTRMRBp56AY-DTAAke5kx6dKVfKqc8c6RXVr7tu3MqQ%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/288b0a13-287a-0716-13a6-d878bbf73fe4%40chromium.org.