Local Network Access: Add LNA CORS issue descriptions

Modeled off of https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/4654400

https://screenshot.googleplex.com/439ixiEdMGb9kTh

Bug: 395895368
Change-Id: I954b2db7feed3856d864491a1e42390b604b3a73
Reviewed-on: https://chromium-review.googlesource.com/c/devtools/devtools-frontend/+/6330471
Reviewed-by: Mathias Bynens <[email protected]>
Commit-Queue: Hubert Chao <[email protected]>
Reviewed-by: Simon Zünd <[email protected]>

Author: hubertchao

config/gni/devtools_grd_files.gni

@@ -449,6 +449,7 @@ grd_files_release_sources = [
   "front_end/models/issues_manager/descriptions/corsHeaderDisallowedByPreflightResponse.md",
   "front_end/models/issues_manager/descriptions/corsInsecurePrivateNetwork.md",
   "front_end/models/issues_manager/descriptions/corsInvalidHeaderValues.md",
+  "front_end/models/issues_manager/descriptions/corsLocalNetworkAccessPermissionDenied.md",
   "front_end/models/issues_manager/descriptions/corsMethodDisallowedByPreflightResponse.md",
   "front_end/models/issues_manager/descriptions/corsNoCorsRedirectModeNotFollow.md",
   "front_end/models/issues_manager/descriptions/corsOriginMismatch.md",

front_end/core/host/UserMetrics.ts

@@ -1134,8 +1134,9 @@ export enum IssueCreated {
   'SRIMessageSignatureIssue::ValidationFailedSignatureExpired' = 108,
   'SRIMessageSignatureIssue::ValidationFailedInvalidLength' = 109,
   'SRIMessageSignatureIssue::ValidationFailedSignatureMismatch' = 110,
+  'CorsIssue::LocalNetworkAccessPermissionDenied' = 111,
   /* eslint-enable @typescript-eslint/naming-convention */
-  MAX_VALUE = 111,
+  MAX_VALUE = 112,
 }
 
 export const enum DeveloperResourceLoaded {

front_end/models/issues_manager/BUILD.gn

@@ -103,6 +103,7 @@ devtools_issue_description_files = [
   "corsHeaderDisallowedByPreflightResponse.md",
   "corsInsecurePrivateNetwork.md",
   "corsInvalidHeaderValues.md",
+  "corsLocalNetworkAccessPermissionDenied.md",
   "corsMethodDisallowedByPreflightResponse.md",
   "corsNoCorsRedirectModeNotFollow.md",
   "corsOriginMismatch.md",

front_end/models/issues_manager/CorsIssue.ts

@@ -10,6 +10,10 @@ import {Issue, IssueCategory, IssueKind} from './Issue.js';
 import type {MarkdownIssueDescription} from './MarkdownIssueDescription.js';
 
 const UIStrings = {
+  /**
+   *@description Label for the link for CORS Local Network Access issues
+   */
+  corsLocalNetworkAccess: 'Local Network Access',
   /**
    *@description Label for the link for CORS private network issues
    */
@@ -246,13 +250,20 @@ export class CorsIssue extends Issue<IssueCode> {
             linkTitle: i18nString(UIStrings.corsPrivateNetworkAccess),
           }],
         };
+      case IssueCode.LOCAL_NETWORK_ACCESS_PERMISSION_DENIED:
+        return {
+          file: 'corsLocalNetworkAccessPermissionDenied.md',
+          links: [{
+            link: 'https://chromestatus.com/feature/5152728072060928',
+            linkTitle: i18nString(UIStrings.corsLocalNetworkAccess),
+          }],
+        };
       case IssueCode.PREFLIGHT_MISSING_ALLOW_EXTERNAL:
       case IssueCode.PREFLIGHT_INVALID_ALLOW_EXTERNAL:
       case IssueCode.INVALID_PRIVATE_NETWORK_ACCESS:
       case IssueCode.UNEXPECTED_PRIVATE_NETWORK_ACCESS:
       case IssueCode.PRIVATE_NETWORK_ACCESS_PERMISSION_UNAVAILABLE:
       case IssueCode.PRIVATE_NETWORK_ACCESS_PERMISSION_DENIED:
-      case IssueCode.LOCAL_NETWORK_ACCESS_PERMISSION_DENIED:
         return null;
     }
   }

front_end/models/issues_manager/descriptions/corsLocalNetworkAccessPermissionDenied.md

@@ -0,0 +1,19 @@
+# Ensure that local network requests are compatible with upcoming restrictions
+
+A site requested a resource from a network that it could only access because of
+its users' privileged network position.
+
+These requests expose devices and servers to the internet, increasing the risk
+of a cross-site request forgery (CSRF) attack and/or information leakage.
+
+To mitigate these risks, Chrome will begin requiring the user grant explicit
+permission before a site can make local network requests. Local network requests
+are those that go to either private IP addresses, .local domains, or loopback
+addresses. Additionally, Chrome will block local network requests (both
+subframes and subresources) when initiated from non-secure contexts.
+
+If the user explicitly grants the permission, the site can make local network
+requests over HTTP for hostnames that are private IP addresses, .local
+hostnames, or to localhost. Sites can also set the `targetAddressSpace` fetch
+option to `private` or `local` to mark requests as being local network requests,
+which will allow them to be made over HTTP.