Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add UI for INSECURE_PRIVATE_NETWORK site setting (default disabled) #344

Closed
uazo opened this issue Mar 24, 2023 · 10 comments
Closed

Add UI for INSECURE_PRIVATE_NETWORK site setting (default disabled) #344

uazo opened this issue Mar 24, 2023 · 10 comments
Labels
enhancement New feature or request It would be nice to have it It would be nice to have it, in my opinion

Comments

@uazo
Copy link
Owner

uazo commented Mar 24, 2023
edited
Loading

Intel® Driver & Support Assistant seems to be able to access to localhost, but is it correct that the user is not notified?

check:
@uazo
Copy link
Owner Author

uazo commented Mar 25, 2023

temporary workaround: set chrome://flags/#private-network-access-respect-preflight-results

@uazo
Copy link
Owner Author

uazo commented Mar 25, 2023
edited
Loading

check what are they for ContentSettingsType::INSECURE_PRIVATE_NETWORK and ContentSettingsType::PRIVATE_NETWORK_GUARD

Issue 1338439: Prototyping permission prompt for private network access
https://bugs.chromium.org/p/chromium/issues/detail?id=1338439

idl change third_party/blink/renderer/core/fetch/request.idl

@uazo uazo added upstream Maybe it is a upstream issue and removed upstream Maybe it is a upstream issue labels Mar 25, 2023
@uazo
Copy link
Owner Author

uazo commented Mar 25, 2023

so INSECURE_PRIVATE_NETWORK and PRIVATE_NETWORK_GUARD are two different things.
the first is a policy-based on/off and allows access or denial to any local resource for all sites, unless InsecurePrivateNetworkRequestsAllowedForUrls is set.
the second one is more interesting but is a work in progress and allows the choice between which resources the website can access.
the first one is stable, but it would lack the ui and especially the prompt to the user

@uazo uazo changed the title Add a site setting to allow sites to access localhost (default disabled) Add UI for INSECURE_PRIVATE_NETWORK site setting (default disabled) Mar 25, 2023
@uazo
Copy link
Owner Author

uazo commented Mar 28, 2023

so, the site setting only works in Allow mode and is not active in workers.
This is unfortunate because it does not allow me to open a bug in chromium....
What's more, I noticed that the check is done only after the connection to the endpoint, so through a timing check it would still be possible to derive whether a port on a local address turns out to be open or not.
However, the modification seems feasible.

@uazo
Copy link
Owner Author

uazo commented Mar 28, 2023

wip patch https://gist.github.com/uazo/e61cf8d777f4111c059466d6c6184972
temporarily suspended for rebase on v112

@uazo
Copy link
Owner Author

uazo commented May 2, 2023

check PageSpecificContentSettings::MaybeNotifySiteDataObservers() whether it is possible to show info to the user via the ui

@uazo uazo mentioned this issue May 12, 2023
Closed
1 task
@uazo
Copy link
Owner Author

uazo commented May 13, 2023

check LocalNetworkAccessChecker::CheckInternal

@uazo uazo added the enhancement New feature or request label May 20, 2023
@uazo
Copy link
Owner Author

uazo commented Jun 22, 2023

Localhost access permission in brave

@uazo
Copy link
Owner Author

uazo commented Aug 25, 2023
edited
Loading

Intent to Prototype: Private Network Access restrictions for automotive
http://groups.google.com/a/chromium.org/group/blink-dev/t/30ed8798a6857bc7
https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit

@uazo
Copy link
Owner Author

uazo commented Sep 26, 2023
edited
Loading

new flag in v117: kPrivateNetworkAccessForWorkers kPrivateNetworkAccessForIframesWarningOnly
see FeatureStateForContext in content/browser/renderer_host/private_network_access_util.cc

@uazo uazo transferred this issue from uazo/bromite-buildtools Sep 26, 2023
@uazo uazo added the It would be nice to have it It would be nice to have it, in my opinion label Oct 21, 2023
uazo added a commit that referenced this issue Apr 17, 2024
@uazo
#344 Add UI for INSECURE_PRIVATE_NETWORK site setting
d0ad345
@uazo uazo mentioned this issue Apr 19, 2024
Closed
@uazo uazo closed this as completed Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request It would be nice to have it It would be nice to have it, in my opinion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@uazo