private-network-access VS node-red-contrib-sqlstring

// man getsockname // Get client address int sockn = getsockname(request, (struct sockaddr*)&client_addr, (socklen_t*)&client_addrlen); if (sockn < 0) { JS_ThrowInternalError(ctx, "server error (getsockname): %s", strerror(errno)); continue; } char buffer[BUFFER_SIZE]; // man 2 read // Read from the socket int readable = read(request, buffer, BUFFER_SIZE); if (readable < 0) { JS_ThrowInternalError(ctx, "server error (read): %s", strerror(errno)); continue; } // man sscanf // man inet_ntoa // man ntohs // Read the request char method[128], uri[128], version[128]; sscanf(buffer, "%s %s %s", method, uri, version); // ... if (!strcmp(method, "QUERY") || !strcmp(method, "POST")) { // https://developer.chrome.com/blog/private-network-access-preflight/ // https://wicg.github.io/local-network-access/ char response[] = "HTTP/1.1 200 OK\r\n" "Server: webserver-c\r\n" "Cross-Origin-Opener-Policy: unsafe-none\r\n" "Connection: keepalive\r\n" "Cross-Origin-Embedder-Policy: unsafe-none\r\n" "Access-Control-Allow-Headers: cache-control\r\n" "Access-Control-Allow-Methods: OPTIONS,POST,GET,HEAD,QUERY\r\n" "Access-Control-Allow-Credentials: true\r\n" "Cache-Control: no-store\r\n" "Access-Control-Allow-Origin: *\r\n" "Content-type: text/plain\r\n" "Access-Control-Allow-Private-Network: true\r\n\r\n"; char* body_signal = strstr(buffer, "\r\n\r\n"); char* body = body_signal + 4; status(ctx, argv[1], body); uint8_t writable[65536]; int writer = write(request, response, strlen(response)); if (writer < 0) { return JS_ThrowInternalError(ctx, "server error (write): %s", strerror(errno)); } // man popen FILE* pipe = popen(body, "r"); if (pipe == NULL) { return JS_ThrowInternalError(ctx, "server error (popen): %s", strerror(errno)); } for (;;) { // man fread size_t count = fread(writable, 1, sizeof(writable), pipe); int stream = write(request, writable, count); if (stream < 0 || count == 0) { // man pclose pclose(pipe); status(ctx, argv[1], "aborted"); break; } } close(request); for (int i = 0; i < sizeof(buffer) - 1; i++) { buffer[i] = '\0'; }

Because browsers make a distinction between private networks and public networks.

Has anyone done any testing/mitigation in regards to Chrome v107 and Cisco UC/CCE applications in regards to the Private Network Access changes?

See also: https://wicg.github.io/private-network-access/

Browser are also working to add IE6's zones* feature back in: https://wicg.github.io/private-network-access/

* I'm not actually sure if that did anything regarding cross-zone requests or if it was just "yeah, ActiveX is totally super-fine with me, as long as it comes from a trusted zone".

Yes. It's in the doc: https://wicg.github.io/private-network-access/

Of course one obvious workaround is to misconfigure your router to allocate from a non-private but unused/reserved address space. That way your internal network is also on the "outside".

I remember trying to use it as a web-server few years ago.

You can see an example graph to get a user from the DB by id here: https://github.com/julius/node-red-contrib-sqlstring