New Chrome security measure aims to curtail an entire class of Web attack

Extreme close-up photograph of finger above Chrome icon on smartphone.

Enlarge (credit: Getty Images)

private network access, which permits public websites to access internal network resources only after the sites have explicitly requested it and the browser grants the request. PNA communications are sent using the CORS, or Cross-Origin Resource Sharing, protocol. Under the scheme, the public site sends a preflight request in the form of the new header Access-Control-Request-Private-Network: true. For the request to be granted, the browser must respond with the corresponding header Access-Control-Allow-Private-Network: true.

Read 8 remaining paragraphs | Comments