iframes are blocked with the Local Network Access Checks feature | allow attribute doesn't propogate down to iframes #3527
Description
Description of Bug
We are trying to embed our own app inside our app. With stackblitz sdk this had been working for us.
We have playground where people can come and try out different things with our sdk to embed our app.
But now the problem after chrome mandated : Local Network Access Checks after 142+ version.
stackblitz has this arch : .com -> .io -> our app
But now even if we allow Local Network Access permission. It doesn't take in effect due to extra top domain .com.
We were following the LNA doc from google
But even using iframe allow attribute it won't work because there is .io which is also iframe which is not having this allow="local-network-access" attribute.
Steps to Reproduce
- Go to 'https://stackblitz.com'
- Create a sandbox or use : "https://stackblitz.com/edit/vitejs-vite-d2v6s6fo"
- insert an iframe with url - the one with internal ip domains ( private IP range) to repro the issue. Check this out
- On your iframe allow="local-network-access *"
- You will see the error regarding the private network access.
Alternatively You can test the problem related to allow attribute not propogating down to .io iframe. because it's stackblitz iframe and there is no option to modify that.
Expected Behavior
We should have some way to either modify the allow attributes.
Or
We should have allow = * on the stackblitz extra iframe. Otherwise none content would be able to propogate the allow attributes when embedding into stackblitz playground.
Screenshots/Screencast
If applicable, add screenshots to help explain your problem.
Additional Context/Questions
So, generally this causes problems in stackblitz embed only. Codesanbox works fine. As it doesn't require .com on top of .io to make it work.
Any workarounds would also be fine.