CefSharp CORS error on request to localhost: request client is not a secure context and the resource is in more-private address space local

Question

I am building a web app with the following architecture:

1. remote server
2. CefSharp to render pages coming from the remote server
3. local server to communicate the app with a serial port

But when I make requests from the client to the local server I get some CORS errors

Access to fetch at 'http://localhost:3100/connection' from origin 'http://cloud.tissuelabs.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local

so I added headers to the local server response

{
 Access-Control-Allow-Origin: *,
 Access-Control-Allow-Private-Network: true
}

it was working on firefox, but not on chrome nor on cefsharp. Then, I found this answer on stackoverflow (Chrome CORS error on request to localhost dev server from remote site) that suggested to disable chrome`s flag

chrome://flags/#block-insecure-private-network-requests

it worked on chrome, but I don`t know how to disable this flag on cefsharp. Does anyone know how to disable flags on cefsharp or any other workaround?

Answer 1

I disabled "BlockInsecurePrivateNetworkRequests" feature as suggested by @amaitland and it worked.

CefSettings settings = new CefSettings();
settings.CefCommandLineArgs.Add("disable-features", "BlockInsecurePrivateNetworkRequests");
CefSharp.Cef.Initialize(settings);

Answer 2

1. add to Startup.cs public void ConfigureServices(IServiceCollection services)

    {   services.AddControllersWithViews();
        services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
        {
            builder.AllowAnyOrigin()
                   .AllowAnyMethod()
                   .AllowAnyHeader();
        }));
     }
   

2. add in public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseCors(builder => builder.AllowAnyOrigin());

3. add to Controller.cs file [EnableCors("MyPolicy")]