Sends a CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server. A private network request is any request from a public website to a private IP address or localhost, or from a private website (e.g. intranet) to localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.

Motivation

Private network services are often ill-equipped to deal with cross-site request forgery attacks carried out by malicious code running in users' browsers. These attacks have been used to compromise the security of hundreds of thousands of users around the world. Private Network Access proposes to solve this problem by: 1. Requiring that private network requests be initiated by secure contexts. 2. Sending an augmented CORS preflight request before the actual request. Together, this ensures that private network devices must explicitly opt into receiving subresource requests from secure and authenticated public websites.

Documentation

• https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink>SecurityFeature>CORS>PrivateNetworkAccess

Implementation status: Enabled by default (tracking bug)

Consensus & Standardization

• Firefox: Worth prototyping
• Safari: No signal
• Web Developers: No signals

Owners

• titouan@chromium.org
• vahl@chromium.org
• clamy@chromium.org

Intent to Prototype url

Comments

LGTMs valid for step 1 only: sending preflights without enforcement.

Last updated on 2022-01-10