Google Chrome: Private Network Access. I can't update the project as described

Hello there,

I’m trying to update our project regarding Google Chrome Private Network Access preflights as per the email you sent, but I never receive the access-control-request-private-network header in the request as you describe in the post.

These are the headers I receive:

{
  host: 'localhost:3310',
  connection: 'keep-alive',
  'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="101", "Google Chrome";v="101"',
  accept: 'application/json',
  'content-type': 'application/json',
  authorization: 'token',
  'sec-ch-ua-mobile': '?0',
  'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36',
  'sec-ch-ua-platform': '"macOS"',
  origin: 'https://app.forestadmin.com',
  'sec-fetch-site': 'cross-site',
  'sec-fetch-mode': 'cors',
  'sec-fetch-dest': 'empty',
  referer: 'https://app.forestadmin.com/',
  'accept-encoding': 'gzip, deflate, br',
  'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8'
}

Also, I’m using Chrome 101 and don’t have any problems while other engineers in my team can’t use FA, they also don’t get the new header.

We are suing: "forest-express-sequelize": "^7.12.3"

Is there anything I’m missing?

Thanks!

Hello @nathanqueija,

As described in the note, you need to use the latest version 8 of forest-express-sequelize for it to work.

As you seem to be using forest-express-sequelize@v7.12.3 you first need to upgrade your agent to v8, following this documentation.

Then the new header will be supported

Hi @GuillaumeGautreau ,

i just updated the package as you mentioned and I’m running on: "forest-express-sequelize": "^8.5.7"

But I still can’t see the header mentioned. Here are my request headers:

{
  host: 'localhost:3310',
  connection: 'keep-alive',
  'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102"',
  accept: 'application/json',
  'content-type': 'application/json',
  authorization: 'token',
  'sec-ch-ua-mobile': '?0',
  'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36',
  'sec-ch-ua-platform': '"macOS"',
  origin: 'https://app.forestadmin.com',
  'sec-fetch-site': 'cross-site',
  'sec-fetch-mode': 'cors',
  'sec-fetch-dest': 'empty',
  referer: 'https://app.forestadmin.com/',
  'accept-encoding': 'gzip, deflate, br',
  'accept-language': 'en-GB,en-US;q=0.9,en;q=0.8'
}

Hello, do you see a preflight request, with the OPTIONS verb, sent by your browser?

Yes, here it is:

curl 'http://localhost:3310/forest/authentication/callback?code=callback_code' \
  -X 'OPTIONS' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-GB,en;q=0.9' \
  -H 'Access-Control-Request-Headers: content-type' \
  -H 'Access-Control-Request-Method: GET' \
  -H 'Access-Control-Request-Private-Network: true' \
  -H 'Connection: keep-alive' \
  -H 'Origin: https://app.forestadmin.com' \
  -H 'Referer: https://app.forestadmin.com/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36' \
  --compressed

And if I look at the developer console I see two being sent one that succeeds and another one that fails:

Hi @nathanqueija :wave: According to the chrome documentation: Private Network Access: introducing preflights - Chrome Developers
If i’m not mistaken, the new header is not already present in this version.

But for now, if you have following correctly our migration note to migrate to v8 it should work like a charm.

What is your issue now?

As yet, we have not encountered any issues related to this preflight update issue (running Chrome Version 105.0.5195.52). Is the suggested update specific to those using morgan("tiny")? We use morgan but not "tiny". I was updating as suggested but then reviewing before merging and noticed this distinction (plus we weren’t noticing any issues before the update).

Current usage:

app.use(
  morgan(
    ":id :remote-addr :remote-user :method :url HTTP/:http-version :status :res[content-length] - :response-time ms",
    { stream: logger.stream }
  )
);