Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add support for Private Network Access (CORS header Access-Control-Allow-Private-Network)

See original GitHub issue

Is there an existing issue for this?

I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

I am trying to reach my ASP.NET core api running on https://localhost:5001/ from a SPA which is hosted on another domain (although same computer for me) and I get a CORS error.

Describe the solution you’d like

I would like to propose that we extend the CorsPolicy with the boolean property AllowPrivateNetworkAccess and CorsPolicyBuilder with the method WithPrivateNetworkAccess which the CorsService uses to set the Access-Control-Allow-Private-Network: true on preflight requests if the browser sends the Access-Control-Request-Private-Network: true header in the request.

Additional context

Link to WICG Draft: https://wicg.github.io/private-network-access/ Link to Chrome developer article about the feature and roll out: https://developer.chrome.com/blog/private-network-access-preflight/

Issue Analytics

State:
Created a year ago
Comments:7 (3 by maintainers)

Top GitHub Comments

3reactions

Andreas-Hjortlandcommented, Mar 25, 2022

For people who are having issues with the private network access cors header, you can add the following code snippet just before app.UseCors() in your ASP.NET application to work around the issue until we get proper support through the CorsPolicyBuilder interface:

// Enable PNA preflight requests
app.Use(async (ctx, next) =>
{
    if (ctx.Request.Method.Equals("options", StringComparison.InvariantCultureIgnoreCase) && ctx.Request.Headers.ContainsKey("Access-Control-Request-Private-Network"))
    {
        ctx.Response.Headers.Add("Access-Control-Allow-Private-Network", "true");
    }

    await next();
});
app.UseCors();

1reaction

msftbot[bot]commented, Oct 26, 2022

Thanks for contacting us.

We’re moving this issue to the .NET 8 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s). If we later determine, that the issue has no community involvement, or it’s very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues. To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.