Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.
Supported versions
- On Windows and macOS since 92 or later
Description
Controls whether websites are allowed to make requests to more-private network endpoints.
When this policy is enabled, all Private Network Access checks are disabled for all origins. This may allow attackers to perform cross-site request forgery (CSRF) attacks on private network servers.
When this policy is disabled or not configured, the default behavior for requests to more-private network endpoints will depend on the user's personal configuration for the BlockInsecurePrivateNetworkRequests, PrivateNetworkAccessSendPreflights, and PrivateNetworkAccessRespectPreflightResults feature flags. These flags may be controlled by experimentation or set via the command line.
This policy relates to the Private Network Access specification. See https://wicg.github.io/private-network-access/ for more details.
A network endpoint is more private than another if:
- Its IP address is localhost and the other is not.
- Its IP address is private and the other is public. In the future, depending on spec evolution, this policy might apply to all cross-origin requests directed at private IPs or localhost.
When this policy enabled, websites are allowed to make requests to any network endpoint, subject to other cross-origin checks.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: InsecurePrivateNetworkRequestsAllowed
- GP name: Specifies whether to allow websites to make requests to any network endpoint in an insecure manner.
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Private Network Request Settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Disabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: InsecurePrivateNetworkRequestsAllowed
- Value type: REG_DWORD
Example registry value
0x00000000
Mac information and settings
- Preference Key name: InsecurePrivateNetworkRequestsAllowed
- Example value:
<false/>