Chrome(PNA) /local development / iframe

[zakhar-samakhval-devreon]

Hello, my name is Zakhar, and I'm a frontend developer. My company implemented single sign-on (SSO) in a commercial product using your oidc-client-ts library. We encountered an issue updating the Chrome policy related to disallowing access from the local network to the private network via an iframe. We use silent_redirect_uri and automaticSilentRenew: true . During local development, a specific issue arises: CORS fails due to my product accessing my authorization resource through an iframe: Example domains: https://my-product.local.company.dev/ and https://authorization.company.dev.as/. As far as I understand, the browser detects my IP as local and blocks it when the request goes to a private repository. Are there any settings that can solve this problem? I'll attach a link to the official Chrome website below for information on this issue and possible solutions. Perhaps someone has already asked you this question. Thanks in advance for your reply.
ref: https://developer.chrome.com/blog/pna-permission-prompt-ot-end

[zakhar-samakhval-devreon]

Hi, I asked the same question to Chrome support, and they replied, "See our https://docs.google.com/document/d/1QQkqehw8umtAgz5z0um7THx-aoU251p705FbIQjDuGs/edit?tab=t.0#heading=h.denb9idl4lm0 for what to do for the iframe case". After that, I created my iframe similar to yours during testing and placed iframe -> src = your IDP url with prompt=none, which resulted in an error in the console.

 - error: [Violation] Potential permissions policy violation: local-network-access is not allowed in this document.

After adding "allow="local-network-access *" to the iframe, everything worked.