Thanks for the responses! Joe: the `PrivateNetworkAccessSendPreflights` feature flag will be enabled by default in M98 (if this intent gets 3 LGTMs). The `PrivateNetworkAccessRespectPreflightResults` will be enabled by default later, I am aiming for M101.
On Tue, Nov 30, 2021 at 11:42 PM Erik Anderson <erik.ander...@microsoft.com> wrote:

> Given this specifically calls out subresources and the design doc lists
> “the case of navigations” as “followup work,” you’re explicitly not
> touching how navigations (top-level or an iframe) work at this stage,
> correct?

That is correct.

> I expect the most significant compat impact to come from Windows apps that
> delegate to the default browser to do a login flow where the last step of
> the auth flow is making a request to a localhost HTTP server to pass back
> to the app an auth ticket.
>
> I anticipate most of those are top-level navigations, but from my
> experience with the first version of Microsoft Edge (pre-Chromium), which
> prevented localhost loopback for subresources (including iframes), there
> are apps that handle it some other way which we broke. Some of those may
> have been passing it back via an iframe navigation (I don’t recall—it was
> 6+ years ago) in which case they’ll potentially still work after this
> change.

If they indeed use either top-level or iframe navigations, then they will be
unaffected by this change.

> The Microsoft Edge team will work to reach out to Microsoft teams that are
> potentially impacted. If the roadmap is going to eventually force a
> preflight before allowing a navigation to a private network origin, we
> would ideally include clear guidance on what’s likely coming there as well.
> Is there a general timeline you have in mind for expanding this to
> navigations as well?

I don't have a very clear timeline yet, but I wish to tackle nested
navigations in particular in M100.

Cheers,
Titouan

> *From:* 'Titouan Rigoudy' via blink-dev <blink-dev@chromium.org>
> *Sent:* Monday, November 29, 2021 7:37 AM
> *To:* blink-dev <blink-dev@chromium.org>
> *Subject:* [blink-dev] Intent to Ship: Private Network Access preflight
> requests for subresources
>
> Contact emails
>
> tito...@chromium.org, v...@chromium.org, cl...@chromium.org
>
> Explainer
>
> https://github.com/WICG/private-network-access/blob/main/explainer.md
>
> Specification
>
> https://wicg.github.io/private-network-access/
>
> Design docs
>
> https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit
>
> Summary
>
> Sends a CORS preflight request ahead of any private network requests for
> subresources, asking for explicit permission from the target server. A
> private network request is any request from a public website to a private
> IP address or localhost, or from a private website (e.g. intranet) to
> localhost. Sending a preflight request mitigates the risk of cross-site
> request forgery attacks against private network devices such as routers,
> which are often not prepared to defend against this threat.
>
> Blink component
>
> Blink>SecurityFeature>CORS>PrivateNetworkAccess
> https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESecurityFeature%3ECORS%3EPrivateNetworkAccess
>
> TAG review
>
> https://github.com/w3ctag/design-reviews/issues/572
>
> TAG review status
>
> Pending
>
> Risks
>
> Interoperability and Compatibility
>
> The main interoperability risk, as always, is if other browser engines do
> not implement this. Compat risk is straightforward: web servers that do not
> handle the new preflight requests will eventually break, once the feature
> ships. The plan to address this is as follows:
>
> 1. Send preflight request, ignore result, always send actual request.
>    Failed preflight requests will result in a warning being shown in
>    devtools.
> 2. Wait for 3 milestones.
> 3. Gate actual request on preflight request success, with deprecation
>    trial for developers to buy some more time.
> 4. End deprecation trial 4 milestones later.
>
> UseCounters:
> https://chromestatus.com/metrics/feature/timeline/popularity/3753
> https://chromestatus.com/metrics/feature/timeline/popularity/3755
> https://chromestatus.com/metrics/feature/timeline/popularity/3757
>
> The above measure pages that make at least one private network request for
> which we would now send a preflight request.
>
> Gecko: Worth prototyping
> (https://github.com/mozilla/standards-positions/issues/143)
>
> WebKit: No signal
> (https://lists.webkit.org/pipermail/webkit-dev/2021-November/032040.html)
> Pending response.
>
> Web developers: No signals. Anecdotal evidence so far suggests that most
> web developers are OK with this new requirement, though some do not control
> the target endpoints and would be negatively impacted.
>
> Other signals:
>
> Ergonomics
>
> None.
>
> Activation
>
> Gating access to the private network overnight on preflight requests would
> likely result in widespread breakage. This is why the plan is to first send
> requests but not act on their result, giving server developers time to
> implement code handling these requests. Deprecation warnings will be
> surfaced in DevTools to alert web/client developers when the potential for
> breakage later on is detected. Enforcement will be turned on later (aiming
> for 3 milestones), along with a deprecation trial for impacted web
> developers to buy themselves some more time. Experience suggests a large
> fraction of developers will not notice the advance deprecation warnings
> until things break.
>
> Security
>
> This change aims to be security-positive, preventing CSRF attacks against
> soft and juicy targets such as router admin interfaces. DNS rebinding
> threats were of particular concern during the design of this feature:
> https://docs.google.com/document/d/1FYPIeP90MQ_pQ6UAo0mCB3g2Z_AynfPWHbDnHIST6VI/edit#heading=h.189j5gnadts9
>
> Debuggability
>
> Relevant information (client and resource IP address space) is already
> piped into the DevTools network panel. Deprecation warnings and errors will
> be surfaced in the DevTools issues panel explaining the problem when it
> arises.
>
> Is this feature fully tested by web-platform-tests
> (https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md)?
>
> Yes
>
> DevTrial instructions
>
> https://github.com/WICG/private-network-access/blob/main/HOWTO.md
>
> Flag name
>
> PrivateNetworkAccessRespectPreflightResults
>
> Requires code in //chrome?
>
> False
>
> Tracking bug
>
> https://crbug.com/591068
>
> Launch bug
>
> https://crbug.com/1274149
>
> Estimated milestones
>
> DevTrial on desktop
>
> 98
>
> DevTrial on android
>
> 98
>
> Link to entry on the Chrome Platform Status
>
> https://chromestatus.com/feature/5737414355058688
>
> Links to previous Intent discussions
>
> Intent to prototype:
> https://groups.google.com/a/chromium.org/g/blink-dev/c/PrB0xnNxaHs/m/jeoxvNjXCAAJ
>
> This intent message was generated by Chrome Platform Status
> (https://www.chromestatus.com/).
>
> --
> You received this message because you are subscribed to the Google Groups
> "blink-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to blink-dev+unsubscr...@chromium.org.
> To view this discussion on the web visit
> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPATO9fdAK%2BnrTfUzug8ub_DhV_LE0b7XrgZ7j5%2Bj_BHtW-FXg%40mail.gmail.com

--
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPATO9efMf0DnC10j2%3D9AYiDeTjpnz6KaHbVJcgmBeQmdnNUtQ%40mail.gmail.com.