WarpStudio 2.0.6

WarpStudio 2.0.6 is out and attempts to fix the CORS-RFC1918.

WarpStudio 2.0.6

Here is a new release of WarpStudio 2.0.6. This is mostly a minor release except it addresses the CORS-RFC1918.

What is CORS-RFC1918?

Since Chrome 92, the RFC1918 is implemented. It's about Private Network Access.

Starting in Chrome 94, public non-secure contexts (broadly, websites that are not delivered over HTTPS or from a private IP address) are forbidden from making requests to the private network. This was previously planned for Chrome 92, hence deprecation messages might still mention the earlier milestone.

This deprecation is accompanied by a deprecation trial, allowing web developers whose websites make use of the deprecated feature to continue using it until Chrome 102 by registering for tokens.

Private Network Access (formerly known as CORS-RFC1918) restricts the ability of websites to send requests to servers on private networks. It allows such requests only from secure contexts. The specification also extends the Cross-Origin Resource Sharing (CORS) protocol so that websites now have to explicitly request a grant from servers on private networks before being allowed to send arbitrary requests.

Private network requests are requests whose target server's IP address is more private than that from which the request initiator was fetched. For example, a request from a public website (https://example.com) to a private website (http://router.local), or a request from a private website to localhost.

Other browsers (Firefox, Opera, Edge, and so on) will also implement it in a near future.

You can still by-pass it with chrome://flags/#block-insecure-private-network-requests

What does it mean?

WarpStudio prior to 2.0.6 can not request a Warp 10 instance on the private network. It includes 127.0.0.1, localhost, or any IP on your local network.

With the 2.0.6 version, there are still some restrictions:

  • WarpStudio in HTTPS can request HTTPS Warp 10 instances or on your local network
  • WarpStudio in HTTP can request only HTTP Warp 10 instances not on your local network

WarpStudio will attempt to switch from HTTP to HTTPS (and from HTTPS to HTTP in some cases). The issue is that all your saved scripts or instances are stored in your browser's local storage (IndexedDB with Chrome) and this storage is not shared between HTTP and HTTPS (even with the same domain name).

So, do not forget to backup regularly!

Read more about WarpStudio

Save / restore feature of WarpStudio
The save/restore feature

Learn more about Chrome and the RFC-1918: https://developer.chrome.com/blog/private-network-access-update/

If you encounter any issues, please feel free to contact us.