Support for Access-Control-Allow-Private-Network? #320
Replies: 2 comments
-
|
Hello @kennethskantz As I understand it, the Access-Control-Allow-Private-Network header is not yet an official web standard, although there is an intent to standardise it as part of the Private Network Access (PNA) specification. Currently, only Chromium-based browsers (such as Chrome and Edge) have implemented this functionality. Most Optimizely CMS solutions are hosted in DXP, which are public-facing environments and therefore do not typically require this header. I assume in this scenario that you’re self-hosting Optimizely CMS within a private network, which would make this an edge case. The CORS functionality in this add-on leverages the ASP.NET Core CORS implementation, which does not yet support this header natively. I can consider adding support in a future release, but due to its limited adoption and narrow use case, it won’t be a high priority at this stage. In the meantime, you can implement a custom middleware to append the header under the following conditions:
Example Middleware: app.Use(async (context, next) =>
{
if (HttpMethods.IsOptions(context.Request.Method) &&
context.Request.Headers.ContainsKey("Access-Control-Request-Private-Network"))
{
context.Response.Headers["Access-Control-Allow-Private-Network"] = "true";
}
await next.Invoke();
});
app.MapControllers(); |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for your quick response, I'll give it a try. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Is there support for Private Network Access (formerly CORS-RFC1918)?
For example "Access-Control-Allow-Private-Network: true".
Beta Was this translation helpful? Give feedback.
All reactions