Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Do I understand correctly that access to access to private network endpoints from secure contexts (https) is currently not in scope? That's my interpretation of https://developer.chrome.com/blog/private-network-access-update/#cors-preflight-requests which is in "Plans for the future" section.

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

[blink-dev@ to bcc] Hi Scott, I'll reply off list. Cheers, Titouan On Mon, May 15, 2023 at 2:53 PM Scott Weber wrote: > Titouan, et.al. > > Is this still awaiting more feedback, and/or another intent to ship? > > This post: > https://developer.chrome.com/blog/private-network-access-update/ w

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Titouan, et.al. Is this still awaiting more feedback, and/or another intent to ship? This post: https://developer.chrome.com/blog/private-network-access-update/ was brought to my attention by our marketing department, but appears to be concerned with mixed content. (I do not expect our mark

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Titouan, Excellent. Since I am now subscribed to this blog, I will be aware of these changes. ( although google SSO used my personal email, not my employer) I was (and still am) cautious about getting ALL the changes, since I'm sure there are hundreds. And our little embedded web server does

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

[blink-dev@ to bcc] Hi Scott, Thanks for reaching out. Answers inline below. On Mon, Apr 24, 2023 at 9:32 PM Scott Weber wrote: > Grammar correction, sorry: > "a brief tutorial to a newbie on *the status of* PNA and..." > > On Monday, April 24, 2023 at 2:13:59 PM UTC-5 Scott Weber wrote: > >>

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Grammar correction, sorry: "a brief tutorial to a newbie on *the status of* PNA and..." On Monday, April 24, 2023 at 2:13:59 PM UTC-5 Scott Weber wrote: > Forgive me if this is not the correct place to ask... > I seem to have stumbled across this conversation trying to find answers > (this thre

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Forgive me if this is not the correct place to ask... I seem to have stumbled across this conversation trying to find answers (this thread looks like an email archive chain). I am new to this platform of getting early information about upcoming changes. Originally, PNA was supposed to "go live"

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi blink-dev, Just wanted to state here that we'll send a different intent to ship when we want to enforce that preflights succeed, instead of re-using this one (there is already an intent to deprecate thread [1]). PNA has been launching bit by bit to manage compatibility risk, and having a chrome

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Thanks for the response!!! Have a nice weekend! On Friday, October 28, 2022 at 7:25:20 AM UTC-3 Titouan Rigoudy wrote: > Meant to link to this other thread [1] as the one on which we need 3 LGTMs. > > Cheers, > Titouan > > [1] > https://groups.google.com/a/chromium.org/g/blink-dev/c/FlenxUPCDec/

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Meant to link to this other thread [1] as the one on which we need 3 LGTMs. Cheers, Titouan [1] https://groups.google.com/a/chromium.org/g/blink-dev/c/FlenxUPCDec/m/T2YBn0kEBQAJ On Fri, Oct 28, 2022 at 6:22 AM Titouan Rigoudy wrote: > [blink-dev to bcc] > > Hi José, > > Thanks for reaching out

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

[blink-dev to bcc] Hi José, Thanks for reaching out, and sorry for the confusion! To be clear, the blog post states that this would be enabled in 107 *at the earliest*, which reflected our best estimate back when we wrote the post. We are now aiming to ship and start a deprecation trial in 109

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi all, i've been working to fix an application that will be affected by PNA preflights (we have an application that talks to a private server and a local -127.0.0.1- server). As I understood from this blog post (https://developer.chrome.com/blog/private-network-access-preflight/#rollout-plan)

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi, Now when chrome 102 is out I wanted to test it so I ran it with *--enable-features=PrivateNetworkAccessRespectPreflightResults* There's one thing I'm trying to understand, I have an HTML page with a script tag, the src of this tag points to a more private network, the default behavior of scri

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi there, Thanks for reaching out. Andrew: Indeed, this was crbug.com/1329248, apologies for the oversight. The change has been rolled back on Friday. Chrome 102 should pick up the configuration change upon restart. cpmtatest: by default, script fetches are made in no-cors mode with credentials.

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi all - Just want to call out that this assumption... Chrome 102 should also not break anything, since we are sending preflights in warning-only mode. If the preflight fails, a warning is displayed in DevTools but the request proceeds as before ... turned out to be false. The change recently d

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi there, John: that's due to another facet of Private Network Access (not this intent) that started a deprecation trial in Chrome 94. See https://chromestatus.com/feature/5436853517811712. Unless signed up for the deprecation trial, HTTP websites are no longer allowed to make any requests to priv

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi Titouan, Blink Devs, Thank you for this news above. I work for a software vendor affected by this change, our software installs a small (https://localhost:60500) web server on a users local machine and our https:// SAAS web application connects to this to hand off various features We were

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Sorry seems I accidently switched the S sides in the first question, I meant from public HTTP to private HTTPS so it shouldn't be mixed content, and in such case there's no preflight request. As I mentioned I installed chrome 98 to test it, when accessing a resource from public HTTPS to private

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi there, 1. Such requests are blocked by mixed content. This launch does not change that. 2. You will want to respond 200 OK to PNA preflight requests to your private HTTPS server with the right headers. See the blog post [1] for details. Cheers, Titouan [1] https://developer.chrome.com/blog/pr

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

1. In Chrome 98, there were no preflight requests when accessing from public HTTPS to private HTTP, will the same be true in the final version? 2. In the case when I have a private HTTPS server that I want everyone to have access to (also via public HTTP), what options do I have ? On Wednesday,

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi all, Thanks for the timely question, I was about to send an update here. We have fixed nearly all of the blockers identified in the above doc. The only outstanding issue is the aforementioned crash, which required a bit more design work than the rest. That work has been completed and CLs to fi

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hello, is there now an updated timeline to roll out this change? Will the trial restart in Chrome 102 or a later version? On Wednesday, March 2, 2022 at 6:36:21 PM UTC+8 Titouan Rigoudy wrote: > Hi all, > > Here's the promised doc: > https://docs.google.com/document/d/1fdwetZXUz_Q03ZpGwXizq

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi all, Here's the promised doc: https://docs.google.com/document/d/1fdwetZXUz_Q03ZpGwXizq5AE1yn_lMhamUJMwvsHvTU/edit (public, comment access for committers only) Cheers, Titouan On Thu, Feb 17, 2022 at 3:29 PM Mike Taylor wrote: > Thanks for the update Titouan. Looking forward to reading your

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Thanks for the update Titouan. Looking forward to reading your doc. On 2/17/22 9:25 AM, Titouan Rigoudy wrote: Hi all, Just to let you know that due to a couple issues, chief among which a renderer crash (crbug.com/1279376 ), we are rolling this feature back from Chr

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi all, Just to let you know that due to a couple issues, chief among which a renderer crash (crbug.com/1279376), we are rolling this feature back from Chrome 98. A few issues have been identified and will block our next attempt at shipping this. In the meantime, we gathered some useful informati

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

LGTM3 for step 1. On Mon, Dec 6, 2021 at 6:11 AM Mike Taylor wrote: > LGTM2 for step 1. > > On 12/6/21 5:31 AM, Titouan Rigoudy wrote: > > *assuming I get 2 more LGTMs, that is. > > On Mon, Dec 6, 2021 at 11:31 AM Titouan Rigoudy > wrote: > >> Thanks! I'll come back for further discussion with

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

LGTM2 for step 1. On 12/6/21 5:31 AM, Titouan Rigoudy wrote: *assuming I get 2 more LGTMs, that is. On Mon, Dec 6, 2021 at 11:31 AM Titouan Rigoudy wrote: Thanks! I'll come back for further discussion with UKM data in hand. Cheers, Titouan On Mon, Dec 6, 2021 at 10:58 AM Y

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

*assuming I get 2 more LGTMs, that is. On Mon, Dec 6, 2021 at 11:31 AM Titouan Rigoudy wrote: > Thanks! I'll come back for further discussion with UKM data in hand. > > Cheers, > Titouan > > On Mon, Dec 6, 2021 at 10:58 AM Yoav Weiss wrote: > >> I agree UKM analysis should not block step 1, as

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Thanks! I'll come back for further discussion with UKM data in hand. Cheers, Titouan On Mon, Dec 6, 2021 at 10:58 AM Yoav Weiss wrote: > I agree UKM analysis should not block step 1, as it holds little risk. > (There's still some risks that servers will choke in the face of > preflights, but th

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

I agree UKM analysis should not block step 1, as it holds little risk. (There's still some risks that servers will choke in the face of preflights, but that seems minor compared to the enforcement risk) Therefore,* LGTM1 for step 1* (preflights with no enforcement), but not further (yet). Please c

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Yoav, do you think UKM analysis should block sending preflights without enforcing their success? I believe sending these will allow us to get more precise information on the affected websites through the usecounter recorded in crrev.com/c/3310846. I can then analyze UKM data and use the results to

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

I agree! Cheers, Titouan On Thu, Dec 2, 2021 at 5:17 PM Mike West wrote: > _I_ don't think we should do that, but I'd defer to Titouan's preference. > :) > > -mike > > > On Thu, Dec 2, 2021 at 5:14 PM Mike Taylor wrote: > >> Thanks - I also don't think there's a lot of value in this particular

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

_I_ don't think we should do that, but I'd defer to Titouan's preference. :) -mike On Thu, Dec 2, 2021 at 5:14 PM Mike Taylor wrote: > Thanks - I also don't think there's a lot of value in this particular > header being the odd-one-out, just wanted to confirm we're not going to > ship "true" f

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Thanks - I also don't think there's a lot of value in this particular header being the odd-one-out, just wanted to confirm we're not going to ship "true" first and try to change that to ?1 later (which is always challenging). On 12/2/21 11:11 AM, Mike West wrote: I'm not sure it makes sense to

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

I'm not sure it makes sense to introduce a structured header here, given that it's layering on top of CORS headers that I don't think there's substantial interest in changing. -mike On Thu, Dec 2, 2021 at 4:55 PM 'Titouan Rigoudy' via blink-dev < blink-dev@chromium.org> wrote: > Hi Mike, > > Th

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi Mike, There is no support for structured headers so far, for consistency reasons, and there has been no movement to deprecate the "true" value for Access-Control-Allow-Credentials. The value of such a deprecation seems minimal. I could pretty easily add support for the structured "?1" value on

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Hi Titouan, I'm curious what the plan is for structured headers. https://github.com/WICG/private-network-access/issues/45 is marked as blocked - has there been other progress or thinking behind the scenes? thanks, Mike On 11/29/21 10:36 AM, 'Titouan Rigoudy' via blink-dev wrote: C

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Thanks for the responses! Joe: the `PrivateNetworkAccessSendPreflights` feature flag will be enabled by default in M98 (if this intent gets 3 LGTMs). The `PrivateNetworkAccessRespectPreflightResults` will be enabled by default later, I am aiming for M101. On Tue, Nov 30, 2021 at 11:42 PM Erik And

RE: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Given this specifically calls out subresources and the design doc lists "the case of navigations" as "followup work," you're explicitly not touching how navigations (top-level or an iframe) work at this stage, correct? I expect the most significant compat impact to come from Windows apps that d

Re: [blink-dev] Intent to Ship: Private Network Access preflight requests for subresources

Titouan, Will the default for the runtime flag be 'Enabled' in 98? The DevTrial number should reflect when the flag was first available. 'Shipping' refers to when it can be used in production without web developers or users doing anything. This can mean the flag was removed or it can mean the fla