preface
Network requests, you’re definitely familiar with them, and network requests that fail, you’re definitely familiar with them. Checking Internet requests, that’s what we all need, right, man.
I frankly, the most afraid of two kinds of network request failure.
-
The first type: there is no abnormality in PC simulation, and the network request information of ERUDA and Vconsole on mobile phone is blank.
This is a bit bigger than the head, and it may be necessary to set up the mobile phone’s network agent + packet capture tool to investigate.
-
The second method, Provisional headers are shown, is also a headache. Although there are many articles on the Internet about the method of investigation, it does not work well in many cases, and this time, it does not take effect.
Today, the guest is more special: Private Network Access translated into Chinese, is the Private Network request, start the text.
Cause after
See the point:
- Local (PC) development
- Start a Web project with an HTTP page, similar to http://localhost:9093
- Webview opens a dynamic page of the CDN (source site Ali OSS)
- Activities page requests a local area network (LAN) opens the cors interface similar to: http://192.168.19.87:11606/como/flags
Browser info: Chrome X64 95
The following result information is obtained and an exception is blown
Network request List information:
Network Request Details:
After that, I initially doubted the Referrer Policy and the so-called Provisional Headers are shown, and experienced the following operations.
Modify the REFER policy of H5 activities
<meta name="referrer" content="no-referrer">
Copy the code
www.jianshu.com/p/265124755…
failure
To disable Chrome ://flags/#site-isolation-trial-opt-out etc
CAUTION: provisional headers are shown” in Chrome debugger
failure
Other attempts to
- Failed to configure the domain name (changing localhost) for the local Web project
- Open the web project with 360 browser, and the network request succeeds
- Copy the request as fetch to the console and execute successfully
- Start a web site emulation page locally and execute the same network request successfully
At this point, I’m a little confused, can you launch a page locally and call the same interface successfully? Can not succeed on THE CDN, is it related to the CDN strategy?
CAUTION: Provisional headers are shown” in Chrome debugger
So I open chrome:// Flags/panel and search for Cors.
Windfall
Block Insecure private Network requests Block Insecure private Network requests Block insecure private network requests Block insecure private network requests Block insecure private network requests Block Insecure private network requests
Do him, restart??
Incredibly, well, tears are coming out, because of this matter, put a few days, recently feel
I can’t get over this hurdle in my heart! I can’t get over this hurdle in my heart! I can’t get over this hurdle in my heart!
A careless past, no care, I have to eat, don’t stop me.
As mentioned earlier, the 360 browser does not have this problem, so which version of Chrome started to implement this feature. After searching Google literature, the final confirmation is ** 94**, that is, browsers below this version will not be affected.
Private Network Access Update: Introducing a Deprecation Trial, August 2021
Root cause Private Network Access
Read the description of this feature completely:
Prevents insecure contexts from making sub-resource requests to more private IP addresses. If 1) IP1 is localhost and ip2 is not, or 2) IP1 is private and ip2 is public, then IP address IP1 is more private than IP2. This is the first step towards full implementation of CERS-RFC1918: WICg.github. IO/CERS-RFC191…
Insight prevents resource requests to more private IP addresses.
Activity page in CDN, belongs to the public http://192.168.19.87:11606/como/flags network request, belongs to the local area network (LAN)
A request from a public network to a LAN is a request from a private network, so it is banned.
Open the link in the feature description to go to the protocol address: wicg.github. IO /private-net…
Just to add a little bit of knowledge, the web is roughly divided into
- Local (local)
- Private (private network)
- Public network
Private degree Local > private > public
A picture is worth a thousand words:
Of course, for more information, see Private Network Access
Three questions
- Whether the request is intercepted by the Private Network Access policy and sent to the server
- The LAN sends network requests to the local machine
- In addition to closing Chrome
Block insecure private network requests
Is there any other way to solve this problem besides the feature
summary
This agreement, which was drafted in June 2021, has to say chrome you are really awesome.
This explains the success of the 360 browser.
Private network requests do provide a degree of security.
reference
“CAUTION: Provisional headers are shown” in Chrome debugger Private Network Access [/ url