Skip to content

[Problem/Bug]: WebView 143.0.3650.66 breaks requests from local origin (http://example.pos) → internal network API (http://pos.example.com/...) with new private-network access restriction #5456

New issue
New issue
Open
Open
[Problem/Bug]: WebView 143.0.3650.66 breaks requests from local origin (http://example.pos) → internal network API (http://pos.example.com/...) with new private-network access restriction#5456
Labels
bugSomething isn't working
@BrayanVillatoro

Description

@BrayanVillatoro
BrayanVillatoro
opened on Dec 6, 2025

What happened?

Environment

WebView version: 143.0.3650.66

Platform: windows

App type: Hybrid POS system using local HTML (file:// or http://example.pos) calling internal LAN API endpoints

Previously working version: All versions prior to 143.* worked correctly

Summary of the Issue

After updating to WebView 143.0.3650.66, our POS web application can no longer make any XHR requests from:

http://example.pos

http://pos.example.com/example-live/api/...

These requests now fail with CORS and private network access errors, even though:

These are internal corporate network domains

The app is not intended to run in a public browser

The same code works on all previous WebView versions

This appears to be a regression or over-strict enforcement of Private Network Access (PNA) rules on non-secure local origins.

Importance

Blocking. My app's basic functions are not working due to this issue.

Runtime Channel

Stable release (WebView2 Runtime)

Runtime Version

143.0.3650.66

SDK Version

No response

Framework

----Please select----

Operating System

Windows 11

OS Version

26200.6074

Repro steps

Reproduction Steps

Launch the application using WebView version 143.0.3650.66.

Load the local POS interface:
http://example.pos/index.html#view-login

The app attempts to make XHR/Fetch requests to the internal API endpoint:
http://pos.example.com/example-live/api/...

Observe console logs and network activity.

Expected Behavior

The WebView should allow HTTP → HTTP requests between internal corporate network origins.

All API requests to the internal backend server should succeed as they did in previous WebView versions.

The app should load login configuration, theme data, and service info normally.

No CORS or Private Network Access errors should occur on an internal, non-public environment.

Actual Behavior

All HTTP requests to the internal API fail immediately.

WebView logs show CORS enforcement and Private Network Access blocking:

“The request client is not a secure context and the resource is in more-private address space local.”

net::ERR_FAILED

net::ERR_FILE_NOT_FOUND

Requests do not reach the server (status 0, empty responseText).

The POS application cannot initialize and is stuck on the login screen.

Repros in Edge Browser

No, issue does not reproduce in the corresponding Edge version

Regression

Don't know

Last working version (if regression)

142.0.3595.94

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions