
Blazor WASM: Silent Logins fail since Chrome 142 on applications hosted in local networks #64699

@sprehn-ero


Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When running Blazor apps on a private network (192.168.*.*, 172.16.*.*, 10.*.*.*), the OIDC callback during silent authentication is blocked with Status: Cross Origin Resource Sharing error: LocalNetworkAccessPermissionDenied

This problem occurs in Chrome 142 and newer due to the newly enabled feature: Local network access restrictions

Policy LocalNetworkAccessAllowedForUrls does not fix the problem.

The guide states: "The LocalNetworkAccessAllowedForUrls policy applies to the top-level origin of the site making the request. If the actual local network access is being made inside of an iframe embedded on that page (or in a nested iframe), all iframes must set the permissions policy flag."

Expected Behavior

Proposed Solution:
Add the ability to configure RemoteAuthenticatorView to set the required permission on the iframe, e.g. allow="local-network-access domainB.example domainC.example"

Steps To Reproduce

  • use OIDC authentication
  • run the app on an IP considered private (192.168.*.*, 172.16.*.*, 10.*.*.*)
  • authenticate
  • close and reopen the browser
  • monitor the network in the developer console (the callback gets blocked and the user is not authenticated)

Exceptions (if any)

No response

.NET Version

9.0.11

Anything else?

No response
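
The iframe attribute proposed in this issue, sketched as an added example that is not part of the original report and is not ASP.NET Core or RemoteAuthenticatorView code. The function names, the `doc` parameter and the URLs are hypothetical, and which origins have to be listed is left to the caller.

```javascript
// Added example: names and sample values are constructed for illustration.

// The three private IPv4 ranges named in the issue, as CIDR blocks.
const PRIVATE_V4 = [
  { base: [10, 0, 0, 0], bits: 8 },
  { base: [172, 16, 0, 0], bits: 12 },
  { base: [192, 168, 0, 0], bits: 16 },
];

const toInt = (o) => ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;

// True when the URL's host is a literal IPv4 address inside one of the blocks.
function isPrivateIPv4Url(url) {
  const host = new URL(url).hostname;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const octets = m.slice(1).map(Number);
  if (octets.some((n) => n > 255)) return false;
  const addr = toInt(octets);
  return PRIVATE_V4.some(({ base, bits }) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((addr & mask) >>> 0) === toInt(base);
  });
}

// Builds the allow value in the form quoted in the issue:
// "local-network-access <origin> <origin>", with duplicate origins removed.
function lnaAllowValue(urls) {
  const origins = [...new Set(urls.map((u) => new URL(u).origin))];
  return ['local-network-access', ...origins].join(' ');
}

// Creates the hidden silent-login iframe; `doc` is the page's document.
// The attribute is added only when the app is served from a private address.
function createSilentLoginFrame(doc, appUrl, authorizeUrl, delegatedUrls) {
  const frame = doc.createElement('iframe');
  frame.style.display = 'none';
  if (isPrivateIPv4Url(appUrl)) {
    frame.setAttribute('allow', lnaAllowValue(delegatedUrls));
  }
  frame.src = authorizeUrl; // set last so the policy applies to the first load
  return frame;
}
```
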


Labels: area-identity (Includes: Identity and providers)
