Grant Private Network Access preflights for /files/ data links#395
Open
krokicki wants to merge 1 commit into
Open
Grant Private Network Access preflights for /files/ data links#395krokicki wants to merge 1 commit into
krokicki wants to merge 1 commit into
Conversation
…links Chromium (Chrome/Edge) sends a CORS preflight before any request from a public-origin page (e.g. https://neuroglancer-demo.appspot.com) to a private-network address, and only proceeds if the response echoes `Access-Control-Allow-Private-Network: true`. Starlette's CORSMiddleware does not emit this, so Chromium blocks cross-origin viewers (Neuroglancer/N5/Vizarr) from loading data hosted on an internal host. Add a pure-ASGI PrivateNetworkAccessMiddleware that echoes the grant header on preflights carrying `Access-Control-Request-Private-Network: true`, registered outside CORSMiddleware so it wraps the preflight response. Note: this does not affect Firefox, which uses a user-permission model (Local Network Access) rather than this header. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Browsers are tightening access from public-origin pages to private-network hosts. Chromium (Chrome/Edge) does this via Private Network Access (PNA): before a request from a public-origin page (e.g.
https://neuroglancer-demo.appspot.com) to a private-network address (e.g. an internal host serving Fileglancer's/files/data links), the browser sends a CORS preflight carryingAccess-Control-Request-Private-Network: true. The request only proceeds if the response echoesAccess-Control-Allow-Private-Network: true.Starlette's
CORSMiddlewaredoes not emit that header, so Chromium blocks cross-origin viewers (Neuroglancer/N5/Vizarr) from loading data hosted on an internal network.Change
Add a small pure-ASGI
PrivateNetworkAccessMiddleware(modeled on the existingRequestIdMiddleware) that appendsAccess-Control-Allow-Private-Network: trueto responses for preflights carrying the PNA request header. It is registered outsideCORSMiddlewareso it wraps the preflight response that CORS generates. The header is added only when the PNA request header is present (sent by browsers solely on preflights), so it never leaks onto normal data responses.Tests
test_pna_preflight_grants_private_network— preflight with the PNA request header gets the grant header back.test_pna_header_absent_without_request— the grant header does not appear on ordinary responses.Note on Firefox
This does not address Firefox, which uses a user-permission model (Local Network Access) rather than a server header. The Firefox remedy is client/policy-side (
network.lna.skip-domains, or the enterpriseLocalNetworkAccesspolicy). This PR gets ahead of the equivalent Chromium breakage.A mirroring change is in x2s3, since the two share this CORS surface.
@StephanPreibisch @JaneliaSciComp/fileglancer