Edge Beta, Version 92.0.902.9 CORS Error

%3CLINGO-SUB%20id%3D%22lingo-sub-2449176%22%20slang%3D%22en-US%22%3EEdge%20Beta%2C%20Version%2092.0.902.9%20CORS%20Error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2449176%22%20slang%3D%22en-US%22%3E%3CP%3EI%20test%20our%20Criminal%20Justice%20Client%20against%20the%20EDGE%20DEV%20version%20and%20yesterday%20when%20I%20tested%20I%20got%20the%20following%20error%3A%3C%2FP%3E%3CP%3EAccess%20to%20XMLHttpRequest%20at%20'%3CA%20href%3D%22http%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgettermkeyjson%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgettermkeyjson%3C%2FA%3E'%20from%20origin%20'%3CA%20href%3D%22http%3A%2F%2Fjlink4fe.norsoftconsulting.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fjlink4fe.norsoftconsulting.com%3C%2FA%3E'%20has%20been%20blocked%20by%20CORS%20policy%3A%20The%20request%20client%20is%20not%20a%20secure%20context%20and%20the%20resource%20is%20in%20more-private%20address%20space%20%60local%60.%3CBR%20%2F%3Ejquery-3.1.1.js%3A9536%20GET%20%3CA%20href%3D%22http%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgettermkeyjson%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgettermkeyjson%3C%2FA%3E%20net%3A%3AERR_FAILED%3CBR%20%2F%3Esend%20%40%20jquery-3.1.1.js%3A9536%3CBR%20%2F%3Eajax%20%40%20jquery-3.1.1.js%3A9143%3CBR%20%2F%3Ea.ajax%20%40%20jquery-migrate-3.0.0.min.js%3A2%3CBR%20%2F%3EjQuery.%3CCOMPUTED%3E%20%40%20jquery-3.1.1.js%3A9292%3CBR%20%2F%3EgetTermKey%20%40%20global.js%3A228%3CBR%20%2F%3E(anonymous)%20%40%20global.js%3A175%3CBR%20%2F%3EmightThrow%20%40%20jquery-3.1.1.js%3A3570%3CBR%20%2F%3Eprocess%20%40%20jquery-3.1.1.js%3A3638%3CBR%20%2F%3EsetTimeout%20(async)%3CBR%20%2F%3E(anonymous)%20%40%20jquery-3.1.1.js%3A3676%3CBR%20%2F%3Efire%20%40%20jquery-3.1.1.js%3A3305%3CBR%20%2F%3EfireWith%20%40%20jquery-3.1.1.js%3A3435%3CBR%20%2F%3Efire%20%40%20jquery-3.1.1.js%3A3443%3CBR%20%2F%3Efire%20%40%20jquery-3.1.1.js%3A3305%3CBR%20%2F%3EfireWith%20%40%20jquery-3.1.1.js%3A3435%3CBR%20%2F%3Eready%20%40%20jquery-3.1.1.js%3A3915%3CBR%20%2F%3Ecompleted%20%40%20jquery-3.1.1.js%3A3925%3CBR%20%2F%3Ejlink4fe.norsoftconsulting.com%2F%3A1%20Access%20to%20XMLHttpRequest%20at%20'%3CA%20href%3D%22http%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgetversion%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgetversion%3C%2FA%3E'%20from%20origin%20'%3CA%20href%3D%22http%3A%2F%2Fjlink4fe.norsoftconsulting.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fjlink4fe.norsoftconsulting.com%3C%2FA%3E'%20has%20been%20blocked%20by%20CORS%20policy%3A%20The%20request%20client%20is%20not%20a%20secure%20context%20and%20the%20resource%20is%20in%20more-private%20address%20space%20%60local%60.%3CBR%20%2F%3Ejquery-3.1.1.js%3A9536%20GET%20%3CA%20href%3D%22http%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgetversion%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Flocalhost%2Fjusticelink%2Fidentityservice%2Fgetversion%3C%2FA%3E%20net%3A%3AERR_FAILED%3C%2FCOMPUTED%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EThe%20client%20works%20in%20IE%2C%20EDGE%2C%20Chrome%20and%20Firefox.%26nbsp%3B%20We%20need%20a%20resolution%20to%20this%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2465763%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Beta%2C%20Version%2092.0.902.9%20CORS%20Error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2465763%22%20slang%3D%22en-US%22%3E%3CP%3ETagging%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F318459%22%20target%3D%22_blank%22%3E%40johnjansen%3C%2FA%3E%2C%20to%20please%20further%20look%20into%20this%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2467714%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Beta%2C%20Version%2092.0.902.9%20CORS%20Error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2467714%22%20slang%3D%22en-US%22%3E%3CP%3EDid%20you%20manually%20enable%20edge%3A%2F%2Fflags%2F%23block-insecure-private-network-requests%20%3F%26nbsp%3B%20Longer%20term%2C%20you%20will%20need%20to%20start%20using%20HTTPS%20on%20the%20outer%20page.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EEventually%2C%20this%20will%20be%20working%20as%20intended%2C%20and%20you'll%20see%20the%20same%20behavior%20in%20Chrome%20depending%20on%20experimental%20flighting.%20(Learn%20more%20about%20experiments%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftextslashplain.com%2F2017%2F10%2F18%2Fchrome-field-trials%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Ftextslashplain.com%2F2017%2F10%2F18%2Fchrome-field-trials%2F%3C%2FA%3E%26nbsp%3B)%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fchromestatus.com%2Ffeature%2F5436853517811712%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fchromestatus.com%2Ffeature%2F5436853517811712%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECurrently%2C%20this%20change%20is%20being%20considered%20to%20ship%20by%20default%20in%20Chromium%20version%2093.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgroups.google.com%2Fa%2Fchromium.org%2Fg%2Fblink-dev%2Fc%2FcPiRNjFoCag%2Fm%2FvGCrLvVqAAAJ%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fgroups.google.com%2Fa%2Fchromium.org%2Fg%2Fblink-dev%2Fc%2FcPiRNjFoCag%2Fm%2FvGCrLvVqAAAJ%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Visitor

I test our Criminal Justice Client against the EDGE DEV version and yesterday when I tested I got the following error:

Access to XMLHttpRequest at 'http://localhost/justicelink/identityservice/gettermkeyjson' from origin 'http://jlink4fe.norsoftconsulting.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
jquery-3.1.1.js:9536 GET http://localhost/justicelink/identityservice/gettermkeyjson net::ERR_FAILED
send @ jquery-3.1.1.js:9536
ajax @ jquery-3.1.1.js:9143
a.ajax @ jquery-migrate-3.0.0.min.js:2
jQuery.<computed> @ jquery-3.1.1.js:9292
getTermKey @ global.js:228
(anonymous) @ global.js:175
mightThrow @ jquery-3.1.1.js:3570
process @ jquery-3.1.1.js:3638
setTimeout (async)
(anonymous) @ jquery-3.1.1.js:3676
fire @ jquery-3.1.1.js:3305
fireWith @ jquery-3.1.1.js:3435
fire @ jquery-3.1.1.js:3443
fire @ jquery-3.1.1.js:3305
fireWith @ jquery-3.1.1.js:3435
ready @ jquery-3.1.1.js:3915
completed @ jquery-3.1.1.js:3925
jlink4fe.norsoftconsulting.com/:1 Access to XMLHttpRequest at 'http://localhost/justicelink/identityservice/getversion' from origin 'http://jlink4fe.norsoftconsulting.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.
jquery-3.1.1.js:9536 GET http://localhost/justicelink/identityservice/getversion net::ERR_FAILED


The client works in IE, EDGE, Chrome and Firefox.  We need a resolution to this issue.

2 Replies

Tagging @johnjansen, to please further look into this issue.

You can manually control this via edge://flags/#block-insecure-private-network-requests for the time being. Longer term, you will need to start using HTTPS on the outer page.

 

Eventually, this will be working as intended, and you'll see the same behavior in Chrome depending on experimental flighting. (Learn more about experiments at https://textslashplain.com/2017/10/18/chrome-field-trials/ )


https://chromestatus.com/feature/5436853517811712

 

Currently, this change is being considered to ship on-by-default in Chromium version 93. https://groups.google.com/a/chromium.org/g/blink-dev/c/cPiRNjFoCag/m/vGCrLvVqAAAJ