[Question / Feature Request] CORS-RFC1918 Support #236

Open
@NoelDavies

Is your feature request related to a problem? Please describe.
I've not seen this mentioned before (apologies if it has come up).

Chrome will soon implement this and block any public to private requests (public domain to 127.0.0.1).

See https://chromestatus.com/feature/5436853517811712

Describe the solution you'd like
Update the cors package to easily set the new CORS header (maybe auto-magically?)
https://wicg.github.io/private-network-access/#headers

Describe alternatives you've considered
I could host a centralized server, but I'd rather not do this for my users.

Additional context
Chrome's current warning message

This now appears in Chrome:
[Deprecation] The website requested a subresource from a network that it could only access because of its users' privileged network position. These requests expose non-public devices and servers to the internet, increasing the risk of a cross-site request forgery (CSRF) attack, and/or information leakage. To mitigate these risks, Chrome deprecates requests to non-public subresources when initiated from non-secure contexts, and will start blocking them in Chrome 92 (July 2021). See https://chromestatus.com/feature/5436853517811712 for more details.

(Sidenote - spoke to the socket.io devs and they pointed me to you guys - socketio/socket.io#3929)
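
The preflight exchange this request is about, as an added example that is not part of the original issue and not the cors package's code: a connect-style middleware that answers a preflight carrying `Access-Control-Request-Private-Network: true` with `Access-Control-Allow-Private-Network: true`, but only for allowlisted origins. The header names come from the WICG draft linked above; `privateNetworkAccess`, `simulate`, `preflight`, `ALLOWED_ORIGINS` and the example origins are hypothetical.

```javascript
// Added example: answer Private Network Access (PNA) preflights, granting
// access only to allowlisted origins. All names here are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed value

function privateNetworkAccess(allowedOrigins) {
  return function pna(req, res, next) {
    const h = req.headers; // Node lowercases incoming header names
    const isPreflight = req.method === 'OPTIONS' &&
      h['access-control-request-method'] !== undefined;
    // Header names come from the WICG draft linked in the issue.
    if (!isPreflight || h['access-control-request-private-network'] !== 'true') {
      return next(); // not a PNA preflight: leave it to the normal CORS handling
    }
    // The answer depends on both headers, so caches must key on them.
    res.setHeader('Vary', 'Origin, Access-Control-Request-Private-Network');
    if (!allowedOrigins.has(h.origin)) {
      res.statusCode = 403; // no grant: the browser fails the preflight
      return res.end();
    }
    res.setHeader('Access-Control-Allow-Origin', h.origin);
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST');
    res.setHeader('Access-Control-Allow-Private-Network', 'true');
    res.statusCode = 204;
    return res.end();
  };
}

// Drive the middleware with a mock request/response (no server, no network).
function simulate(method, headers) {
  const out = { status: null, headers: {}, passedThrough: false };
  const res = {
    statusCode: 200,
    setHeader(name, value) { out.headers[name.toLowerCase()] = value; },
    end() { out.status = this.statusCode; },
  };
  privateNetworkAccess(ALLOWED_ORIGINS)({ method, headers }, res, () => {
    out.passedThrough = true;
  });
  return out;
}

// Constructed PNA preflight, as a browser would send it from `origin`.
const preflight = (origin) => simulate('OPTIONS', {
  origin,
  'access-control-request-method': 'GET',
  'access-control-request-private-network': 'true',
});
console.log(preflight('https://app.example.com')); // allowlisted origin
console.log(preflight('https://other.example'));   // origin not on the allowlist
```

Granting the header unconditionally would reopen the public-to-private path the browser check is meant to close, which is why the grant is tied to an explicit origin allowlist here.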
