Restrict "private network requests" for subresources from public websites to secure contexts.

Feature: Restrict "private network requests" for subresources from public websites to secure contexts.

Requires that private network requests for subresources from public websites may only be initiated from a secure context. Examples include internet to intranet requests and internet to loopback requests. This is a first step towards fully implementing Private Network Access: https://wicg.github.io/private-network-access/

Motivation

Servers running inside local networks, or on a user's device, expose powerful capabilities to the web in ways that can be quite dangerous. Private Network Access proposes a set of changes to limit the impact of requests to these servers by ensuring that the servers are opting-into any communication with external entities. For this opt-in to have any meaning, the servers need to be able to ensure that the client origin is authenticated. To that end, only secure contexts are empowered to make external requests. This change is separable from the rest of Private Network Access, and we can make it now, before the rest of the larger feature is ready.

Documentation

https://docs.google.com/document/d/1x1a1fQLOrcWogK3tpFBgQZQ5ZjcONTvD0IqqXkgrg5I/edit#heading=h.7nki9mck5t64

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink>SecurityFeature>CORS>PrivateNetworkAccess

Implementation status: Origin trial (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Under consideration
Safari: Positive
Web Developers: Negative

Owners

Intent to Prototype url

Intent to Prototype thread

Last updated on 2022-01-21