Sorry for the confusion about the spec name. We've recently changed our stance https://github.com/WICG/local-network-access/issues/91#issuecomment-1494704528 and the spec name is still unsettled until we hear back from other browser vendors. Both Private Network Access and Local Network Access mean the same thing for now.
On Wed, Apr 5, 2023, 12:22 Jonathan Hao <p...@chromium.org> wrote: > Note that Private Network Access is in the process of being renamed to > Local Network Access, so you may see inconsistent names for the time being. > > Explainer > > https://github.com/WICG/local-network-access/blob/main/explainer.md > > Specification > > https://wicg.github.io/local-network-access/#secure-context-restriction > <https://wicg.github.io/local-network-access> > > Design docs > > Local Network Access: Allow Potentially Trustworthy Same-Origin Fetches > <https://docs.google.com/document/d/1XopQKc6sR-2URgKqEleb-XNjcSPOjTI-E5qRxWGBuTY/edit#heading=h.y2euwddkcot> > > Private Network Access: Preflight requests for subresources > <https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit> > > Summary > > Allow same-origin local network fetches to potentially-trustworthy origins > and do not send preflights for them. We currently send preflights before > all local network requests, but ignore the results, as proposed in Intent > to Ship: Private Network Access preflight requests for subresources > <https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/72CK2mxD47c/m/5mkboUneAwAJ> > . > > Blink componentBlink>SecurityFeature>CORS>PrivateNetworkAccess > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess> > > TAG reviewhttps://github.com/w3ctag/design-reviews/issues/572 > > TAG review statusIssues addressed > > Risks > > Interoperability and Compatibility > > This change reduces the compatibility risk of enforcing preflight results > on private network requests as we now send fewer preflights for private > network requests, so it’s less likely to break websites. > > Gecko: No signal about this specific change. > > WebKit: No signal about this specific change. > > Web developers: No signal about this specific change, but they should be > happy since this reduces compatibility risks. > > Other signals: > > > Ergonomics > > None. > > > Activation > > We plan to ship this change directly to M114 as this relaxes the previous > restrictions. > > Security > > This change is limited to potentially trustworthy origins. Proof of > certificate protects users from DNS rebinding. > > WebView application risks > > There’s no plan to ship Local Network Access on WebView. > > > > Debuggability > > Relevant information (client and resource IP address space) is already > piped into the DevTools network panel. Deprecation warnings and errors will > be surfaced in the DevTools issues panel explaining the problem when it > arises. > > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)?No > > Not on Android WebView given previous difficulty in supporting PNA changes > due to the lack of support for deprecation trials. Support for WebView will > be considered separately. > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ?No > > DevTrial instructionsNo DevTrial for this change > > Flag name > > LocalNetworkAccessAllowPotentiallyTrustworthySameOrigin > > Requires code in //chrome? > > Only for metric logging > > Tracking bug > > https://crbug.com/1382068 > > Launch bug > > https://crbug.com/1274149 > > > Estimated milestones > DevTrial on desktop 114 > DevTrial on Android 114 > Anticipated spec changes > > Open questions about a feature may be a source of future web compat or > interop issues. Please list open issues (e.g. links to known github issues > in the project for the feature specification) whose resolution may > introduce web compat/interop risk (e.g., changing to naming or structure of > the API in a non-backward-compatible way). > > None > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/5737414355058688 > > Links to previous Intent discussions > Intent to prototype: > https://groups.google.com/a/chromium.org/g/blink-dev/c/ArrhiKB8XF0/m/cGO-5B1IAwAJ > Intent to prototype (all preflights): > https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ > Intent to Experiment (all preflights): > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOC%3DiP%2Bew8hADZkdQ3AO6P9WzfGuzLPp9JjJZqztV5oZmaK8oQ%40mail.gmail.com > > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com/>.v > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABsQ2jGAcTV4CUKKwsYYfnQRiQ_W6KK9L4OQ5uNHNGn3WMhZ5Q%40mail.gmail.com.
