[bawolff]

I thought chrome was now blocking this anyways unless you specificly opt in with CORS.

[oefrha]

It’s called Private Network Access and it’s still behind an experimental flag for now.

https://wicg.github.io/private-network-access/

https://developer.chrome.com/blog/private-network-access-upd...

Also ws/wss has no SOP/CORS which could be a problem, but that has nothing do with the domain blocking here.

[charcircuit]

The link you gave said it released 2 years ago in Chrome 94.

[oefrha]

That's why I said "behind an experimental flag". Search for "private network" in chrome://flags.

Oh I see what you mean. The default blocking behavior in Chrome 94 only applies to public non-secure contexts. We’re talking about a stricter form applied to secure contexts here.