Support Access-Control-Allow-Private-Network in preflight request

Question

Support Access-Control-Allow-Private-Network in preflight request

wchenNL opened this issue 2 years ago · 2 comments

Latest Chrome (Version 106.0.5249.119 (Official Build) (x86_64)) now sends a preflight request which expects a Access-Control-Allow-Private-Network header in the response.

https://developer.chrome.com/blog/private-network-access-preflight/

Is it possible to support this?

We are using Corsica in our endpoint.ex

  plug Corsica,
    origins: [
      "http://localhost:3000"
    ],
    log: [rejected: :error, invalid: :warn, accepted: :debug],
    allow_headers: ["content-type", "authorization"],
    allow_credentials: true

Ideally, have an option like below would be great:

  plug Corsica,
    origins: [
      "http://localhost:3000"
    ],
    log: [rejected: :error, invalid: :warn, accepted: :debug],
    allow_headers: ["content-type", "authorization"],
    allow_credentials: true,
    allow_private_network: true

Answer 1 · 2022-10-23T15:16:27.000Z

Just took a look at the spec draft and yeah, that sounds good. Any chance you'd want to work on a PR to support the option? 🙃

Answer 2 · 2022-10-24T22:45:43.000Z

@whatyouhide I have the change locally now, can you grant me permission to create the PR?