Skip to content

Commit

Permalink
Merge pull request #139 from iVanlIsh/main
Browse files Browse the repository at this point in the history
Update explanations for worker and navigation flags
  • Loading branch information
iVanlIsh authored Apr 25, 2024
2 parents 3a28c37 + c629b94 commit c628ee5
Showing 1 changed file with 17 additions and 14 deletions.
31 changes: 17 additions & 14 deletions HOWTO.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,49 +24,52 @@ It can be controlled in a variety of ways:
PNA preflight requests are available in Chrome starting in version 98 under warning-mode.
It can be switched between enforcing-mode and warning-mode in following ways:

* the command-line flags: `--enable-features=PrivateNetworkAccessRespectPreflightResults`
* the command-line flag: `--enable-features=PrivateNetworkAccessRespectPreflightResults`
* the `chrome://` flag: `chrome://flags/#private-network-access-respect-preflight-results`

Chrome is sending preflight requests ahead of private network requests, but does
not require the response to be successful. The flag above enables enforcement:
Chrome is sending preflight requests ahead of private network requests, but does
not require the response to be successful. The flag above enables enforcement:
if the preflight request fails, then the request is not sent.

### Navigations and Workers

PNA preflight requests are also available for navigations and workers under the
PNA preflight requests are also available for navigations and workers under the
following command-line flags:

* `--enable-features=PrivateNetworkAccessForNavigations`
* `--enable-features=PrivateNetworkAccessForWorkers`
* `--enable-features=PrivateNetworkAccessForNavigationsWarningOnly`
* `--enable-features=PrivateNetworkAccessForWorkersWarningOnly`

The first two flags enable the features under warning-mode. The second two flags
works only when the first two are enabled and enables the enforcement of the
features.
The first two flags enable the features under enforcement mode. The second two
flags works only when the first two are enabled and switch them into
warning-only mode for the features.

The second two flags can also be set by the `chrome://` flag:

* `chrome://flags/#private-network-access-ignore-navigation-errors`
* `chrome://flags/#private-network-access-ignore-worker-errors`

### Reducing timeout

In the ideal world, private servers will reply to the preflight requrests no
matter with or without the correct headers. However, there are several real life
cases that some servers would just drop the requests they do not understand and
In the ideal world, private servers will reply to the preflight requrests no
matter with or without the correct headers. However, there are several real life
cases that some servers would just drop the requests they do not understand and
Chrome will wait forever until a TCP timeout.

In this case, Chrome provides an extra timeout limit, which is 200ms, to limit
In this case, Chrome provides an extra timeout limit, which is 200ms, to limit
the influence for websites and server haven't yet migrate with Private Network
Access Preflights and do not reply to preflight requests.

This extra timeout limit can be turned off by using the `chrome://` flag
This extra timeout limit can be turned off by using the `chrome://` flag
`chrome://flags/#private-network-access-preflight-short-timeout`.

## Permission Prompt

PNA permission prompt is available in Chrome desktop starting in version 120.

It can be controlled in a variety of ways:

* the command-line flag: `--enable-features=PrivateNetworkAccessPermissionPrompt`
* the `chrome://` flag:
`chrome://flags/#private-network-access-permission-prompt`
Expand All @@ -81,8 +84,8 @@ See [here](https://www.chromium.org/developers/how-tos/run-chromium-with-flags)
for instructions on setting command-line flags.

You can then test your own web app, or use a test page like
https://private-network-access-test.glitch.me/ or
https://private-network-access-permission-test.glitch.me/ for the permission
https://private-network-access-test.glitch.me/ or
https://private-network-access-permission-test.glitch.me/ for the permission
prompt.

Errors should manifest as CORS errors in the DevTools console, and as "Blocked
Expand Down

0 comments on commit c628ee5

Please sign in to comment.