Chrome/Brave's new "Private Network Access" security feature is completely breaking legitimate local development workflows.

[JuanSpada]

Platforms

all

Description

The browser now blocks HTTPS→HTTP localhost requests with "Permission was denied for this request to access the unknown address space" - even though this is a standard development setup where:

• Frontend runs on HTTPS (CloudFront/production domain)
• Local API runs on HTTP localhost for development
• This worked perfectly fine for years

This isn't protecting anyone - it's just making development impossible. There's no flag to disable it anymore in recent Brave versions, and the "solutions" (setting up local SSL proxies, certificates, etc.) add massive overhead to simple development tasks.

Why block localhost specifically? Developers need to test against local APIs while using production frontends. This is a core development workflow, not a security threat.

Either:

1. Provide a clear, permanent way to disable this for localhost in development
2. Whitelist localhost/127.0.0.1 by default
3. Give us back the flags that worked before

This feature breaks more things than it fixes. Please reconsider this decision or provide better developer tooling to work around it.

[fmarier]

Are you seeing the prompt shown here? Or is the prompt never shown and the requests blocked?

[MeisterBob]

I ran into the same issue. Brave has the brave://flags/#local-network-access-check flag disabled by default, therefore the browser doesn't ask for permission. When the flag is enabled the prompt shows up and the local network can be accessed.

I am running Brave 1.85.111 on Ubuntu.