Note that Private Network Access is in the process of being renamed to Local Network Access, so you may see inconsistent names for the time being.
Explainer https://github.com/WICG/local-network-access/blob/main/explainer.md Specification https://wicg.github.io/local-network-access/#secure-context-restriction <https://wicg.github.io/local-network-access> Design docs Local Network Access: Allow Potentially Trustworthy Same-Origin Fetches <https://docs.google.com/document/d/1XopQKc6sR-2URgKqEleb-XNjcSPOjTI-E5qRxWGBuTY/edit#heading=h.y2euwddkcot> Private Network Access: Preflight requests for subresources <https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit> Summary Allow same-origin local network fetches to potentially-trustworthy origins and do not send preflights for them. We currently send preflights before all local network requests, but ignore the results, as proposed in Intent to Ship: Private Network Access preflight requests for subresources <https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/72CK2mxD47c/m/5mkboUneAwAJ> . Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/572 TAG review statusIssues addressed Risks Interoperability and Compatibility This change reduces the compatibility risk of enforcing preflight results on private network requests as we now send fewer preflights for private network requests, so it’s less likely to break websites. Gecko: No signal about this specific change. WebKit: No signal about this specific change. Web developers: No signal about this specific change, but they should be happy since this reduces compatibility risks. Other signals: Ergonomics None. Activation We plan to ship this change directly to M114 as this relaxes the previous restrictions. Security This change is limited to potentially trustworthy origins. Proof of certificate protects users from DNS rebinding. WebView application risks There’s no plan to ship Local Network Access on WebView. Debuggability Relevant information (client and resource IP address space) is already piped into the DevTools network panel. Deprecation warnings and errors will be surfaced in the DevTools issues panel explaining the problem when it arises. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?No Not on Android WebView given previous difficulty in supporting PNA changes due to the lack of support for deprecation trials. Support for WebView will be considered separately. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?No DevTrial instructionsNo DevTrial for this change Flag name LocalNetworkAccessAllowPotentiallyTrustworthySameOrigin Requires code in //chrome? Only for metric logging Tracking bug https://crbug.com/1382068 Launch bug https://crbug.com/1274149 Estimated milestones DevTrial on desktop 114 DevTrial on Android 114 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). None Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5737414355058688 Links to previous Intent discussions Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/ArrhiKB8XF0/m/cGO-5B1IAwAJ Intent to prototype (all preflights): https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ Intent to Experiment (all preflights): https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiP%2Bew8hADZkdQ3AO6P9WzfGuzLPp9JjJZqztV5oZmaK8oQ%40mail.gmail.com This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.v -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABsQ2jEXBtwKKzqoieumC%3D7MpZ5cyPaeujSHFDyCDN_65d-_nw%40mail.gmail.com.
