📝 [Proposal]: Add Support for the Private Network Access CORS Header Access-Control-Request-Private-Network #2804

Closed
3 tasks done
GalvinGao opened this issue Jan 19, 2024 · 7 comments

Comments

@GalvinGao
Contributor

GalvinGao commented Jan 19, 2024

Feature Proposal Description

Add CORS Middleware Support for the Private Network Access CORS Header Access-Control-Request-Private-Network to avoid additional preflight/timeout time cost.

Alignment with Express API

Express.js's CORS middleware has not been updated yet.

HTTP RFC Standards Compliance

API Stability

It seems that Chrome 104 has already shipped this header.

Feature Examples

app.Use(cors.New(cors.Config{
    AllowPrivateNetworkAccess: true,

    // other already existing fields omitted...
}))

Example Request

OPTIONS /path HTTP/1.1
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Private-Network: true
Origin: https://example.com
Sec-Fetch-Mode: cors

Expected Response for the Example Request

HTTP/1.1 204 No Content
Access-Control-Allow-Private-Network: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,HEAD,PUT,DELETE,PATCH

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have searched for existing issues that describe my proposal before opening this one.
  • I understand that a proposal that does not meet these guidelines may be closed without explanation.
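The preflight exchange shown in the issue, as an added example that is not part of the original issue and is not Fiber's implementation: a plain `net/http` wrapper that grants `Access-Control-Allow-Private-Network` only when the preflight asks for it and the origin is on an explicit allowlist, instead of pairing the grant with `Access-Control-Allow-Origin: *`. The names `pnaPreflight`, `preflight`, `allowed` and `allowPNA` are hypothetical, and the requests are constructed in-process with `httptest`.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// pnaPreflight (hypothetical name) answers CORS preflights before next runs.
// The private-network grant is sent only if the feature is enabled, the
// browser asked for it, and the Origin is in the allowlist.
func pnaPreflight(allowed map[string]bool, allowPNA bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		isPreflight := r.Method == http.MethodOptions &&
			r.Header.Get("Access-Control-Request-Method") != ""
		if !isPreflight {
			next.ServeHTTP(w, r) // ordinary request: not handled here
			return
		}
		h := w.Header()
		h.Set("Vary", "Origin, Access-Control-Request-Method, Access-Control-Request-Headers")
		origin := r.Header.Get("Origin")
		if allowed[origin] {
			h.Set("Access-Control-Allow-Origin", origin)
			h.Set("Access-Control-Allow-Methods", "GET,POST,HEAD,PUT,DELETE,PATCH")
			if allowPNA && r.Header.Get("Access-Control-Request-Private-Network") == "true" {
				h.Set("Access-Control-Allow-Private-Network", "true")
			}
		}
		// Unlisted origins get 204 with no Allow-* headers, so the browser blocks.
		w.WriteHeader(http.StatusNoContent)
	})
}

// preflight sends a constructed OPTIONS request and returns the response headers.
func preflight(h http.Handler, origin string, pna bool) http.Header {
	req := httptest.NewRequest(http.MethodOptions, "/path", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Access-Control-Request-Method", "GET")
	if pna {
		req.Header.Set("Access-Control-Request-Private-Network", "true")
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	h := pnaPreflight(map[string]bool{"https://example.com": true}, true, http.NotFoundHandler())
	fmt.Println(preflight(h, "https://example.com", true))   // grant present
	fmt.Println(preflight(h, "https://other.example", true)) // no Allow-* headers
}
```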
@Behzad-Khokher
Member

This is really interesting. But I was just curious how we are avoiding pre-flight requests in this case. To access a private resource, wouldn't the browser still need to make an [options] pre-flight request with the header Access-Control-Request-Private-Network: true for the server to respond with Access-Control-Allow-Private-Network: true?

What I'm confused about is: isn't it up to the browser to decide automatically when a pre-flight request needs to be sent? Either way, it would be sending a pre-flight request anyway? So how are we avoiding additional pre-flights?

@the-hotmann
Contributor

@Behzad-Khokher
Here is the blog post from Google on how it works: https://developer.chrome.com/blog/private-network-access-preflight

@ReneWerner87
Member

ReneWerner87 commented Jan 23, 2024

Sure, we can do this.

@Behzad-Khokher
Member

@ReneWerner87 I can look into this. May I self assign?

@ReneWerner87
Member

Thx

@sixcolors
Member

sixcolors commented Mar 12, 2024

This is still in draft and has not been accepted as a standard. https://wicg.github.io/private-network-access/

Recommend against adding at this time.

@gaby
Member

gaby commented Mar 28, 2024

Fixed via #2908; will be a new feature in Fiber v3.
