26

We have a web-based system hosted in the LAN (non-SSL). From Chrome 102 (Windows/Ubuntu), we face a randomly CORS issue which describes as

has been blocked by CORS policy: Request had a targe IP address space of 'unknown' yet the resource is in address space 'private'

and I also attach the picture:

The issue is not always happen, sometimes it is ok after we refresh Chrome. But sometimes it occur on other resource file, like css or js.

We do not know why a web page on 192.168.1.168:8888 uses "script" and "link" tag to fetch .js/.css (also existed on 192.168.1.168:8888) will trigger this issue sometimes.

The "Access-Control-Allow-Origin" header are set as "*" in the backend code. This problem bothers us so much, does anyone know any action we can do to solve issue?

ChrisGPT was on strike
  • 127,765
  • 105
  • 273
  • 257
Mone Xiao
  • 261
  • 3
  • 4
  • 3
    See this: https://developer.chrome.com/blog/private-network-access-preflight/ – jub0bs May 31 '22 at 20:02
  • The document said PNA preflight just show error on dev tool, not affect the actual procedure currently. But the issue in my case affects the resource loading, and then js function or css style will be undefined or missed due to the web-based system is abnormal. – Mone Xiao May 31 '22 at 23:24
  • 1
    We do not understand why the css and js file hosted on same origin (192.168.1.168:8888) of current webpage will trigger the CORS. – Mone Xiao Jun 01 '22 at 00:17
  • 4
    Perhaps this is related: https://bugs.chromium.org/p/chromium/issues/detail?id=1329248 – Heiko Theißen Jun 01 '22 at 13:46
  • 1
    I'm having the same issue when attempting to do ajax request to the same origin (It's not even cross-origin) aprox. 20% of the time the request fails with the following message: "Request had a target IP address space of `unknown` yet the resource is in address space `public`" – Valentoni Jun 06 '22 at 15:36
  • 2
    Same as @Valentoni, the issue is not always happen, but any request which use same origin and target will trigger potentially randomly. I try to disable chrome flags: "Block insecure private network requests", "Send Private Network Access preflights", "Respect the result of Private Network Access preflights", seem not totally work, sitll randomly happen. – Mone Xiao Jun 07 '22 at 00:52
  • 2
    Apparently it is related to this bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1332495 – Valentoni Jun 08 '22 at 05:37
  • We are getting this error for CSS requests which have "Sec-Fetch-mode" as "no-cors". This happens only the first time; it goes away after a browser refresh. Any solutions for this? – Jacob Jun 08 '22 at 11:59
  • Does anyone find any solution? we are also facing same issue – Rockers Technology Jun 21 '22 at 12:50
  • 3
    Chrome 103 is released, maybe it will fix the issue. – Mone Xiao Jun 22 '22 at 05:22
  • 2
    Chrome 103 still has this issue. I had to start using edge. – J.Kuai Jun 24 '22 at 02:58
  • The problem exists in Edge too, which makes sense, as it uses Chromiun engine, also, which is the source of the issue. This have been such a headache. – Valentoni Jun 25 '22 at 03:55
  • Maybe I am lucky. After Chrome 103.0.5060.53, I do not encounter this problem again. – Mone Xiao Jul 05 '22 at 02:34
  • I have the same issue in Chrome 107 :( – misolo Jul 20 '22 at 11:12

0 Answers0