Fixing Chrome and Edge Local Network Access Breaks

Chromium-based browsers (Chrome, Microsoft Edge, Brave, Vivaldi, Opera) have introduced a Local Network Access permission model that can block or prompt when a website tries to reach local IPs (private ranges like 192.168.x.x, 10.x.x.x, 172.16-31.x.x, and sometimes loopback). In real-world support, this can falsely stop internal web apps, printer portals, embedded device UIs, and local helper services from working.

What Changed in Chromium Browsers

Newer Chromium builds added a Local Network Access permission prompt to improve privacy and security. The intent is to prevent public websites from silently reaching local services on a user’s network. Over time, this is moving toward more strict enforcement by default.

What you see in the field:

• Web apps that previously worked now fail when calling a local API or local device UI.
• Users get a prompt asking to allow access to local devices, or the request is blocked.
• Some apps fail silently (nothing happens), especially when the call is made from scripts, embedded frames, or background requests.

Quick Fixes for End Users

Google Chrome

Option 1: Disable the Local Network Access check via Flags (fastest, not ideal for long-term)

1. Open: chrome://flags
2. Search for: local network access
3. Look for a flag similar to: Local Network Access (the exact label can vary by build)
4. Set it to: Disabled
5. Restart Chrome

Note: Flags are not intended as a permanent enterprise control and can change between versions. Use policies for managed environments.

Option 2: Allow Local Network Access for the affected site (best per-user workaround)

1. Open Chrome Settings
2. Go to: Privacy and security > Site settings
3. Find: Local network access
4. Locate your web app’s site entry and set it to Allow

Option 3: macOS system privacy layer (if applicable)

On macOS, the operating system can also restrict local network discovery and access at the app level.

1. Open: System Settings
2. Go to: Privacy & Security > Local Network
3. Enable local network access for Google Chrome (and any helper apps involved)

Microsoft Edge

Edge is Chromium-based, so the same kinds of failures can occur and the same types of fixes apply.

Option 1: Edge Flags

1. Open: edge://flags
2. Search for: local network access
3. Disable the relevant Local Network Access flag (if present)
4. Restart Edge

Option 2: Allow Local Network Access for the site

1. Open Edge Settings
2. Go to: Cookies and site permissions
3. Find: Local network access (label can vary)
4. Set the affected site to Allow

Admin-Oriented Fixes (Enterprise / Managed Devices)

If you support an internal web app that must reach local services, the best practice is to manage this centrally with browser policies. This avoids user prompts and reduces helpdesk tickets.

Chrome Enterprise Policy Options

A commonly used approach is to pre-grant local network access for specific URLs or patterns.

Policy Concept: Allow Local Network Access for trusted web apps

LocalNetworkAccessAllowedForUrls can be used to define which sites are allowed to reach local network endpoints without prompting.

Verification: After deploying, confirm policy application at:

chrome://policy

Windows Registry Example (conceptual)

Chrome policies are typically deployed via GPO/ADMX or MDM, but they map to registry under:

HKLM\SOFTWARE\Policies\Google\Chrome

Example pattern (illustrative):

HKLM\SOFTWARE\Policies\Google\Chrome\LocalNetworkAccessAllowedForUrls
1 = https://your-internal-app.example.com
2 = https://another-trusted-app.example.com

Tip: Prefer a tight allowlist (specific trusted sites) rather than allowing all sites.

Intune (high-level)

• Use Intune Settings Catalog for Google Chrome (or ingest Chrome ADMX templates)
• Configure the Local Network Access allow policy for your internal app URL(s)
• Validate on a client using chrome://policy

Microsoft Edge Policy Options

Edge supports comparable policies because it shares the Chromium policy model.

Recommended Policy: Allow Local Network Access for trusted URLs

LocalNetworkAccessAllowedForUrls lets you specify which sites can access local network resources.

Verification: Check policy application at:

edge://policy

Temporary Opt-Out Policy (use while testing)

LocalNetworkAccessRestrictionsTemporaryOptOut can be used as a transitional control while you validate impact and roll out a proper allowlist.

Important: Treat temporary opt-outs as short-term remediation, not a final state.

Why This Breaks Web Apps

Many internal and enterprise web apps were built assuming the browser would freely allow calls to local services, such as:

• Internal REST APIs hosted on LAN IPs
• Printer and scanner web portals
• IoT and facilities dashboards
• Local helper services (agent-based integrations)
• Embedded device UIs displayed inside iframes

When Local Network Access restrictions kick in, these calls can be blocked or require user approval. Some applications do not handle the prompt or denial gracefully, leading to broken workflows or silent failures.

Cross-Browser Notes

• Firefox: Does not currently mirror Chromium’s Local Network Access permission model in the same way, so the same policy knobs may not exist.
• Chromium-based alternatives: Brave, Vivaldi, and Opera often inherit the behavior, but their enterprise policy support varies.
• Flags vs Policies: Flags can fix quickly, but policies are the correct approach for managed environments.

Fix It Summary (Good for a TL;DR section)

1. On a user machine, try disabling the Local Network Access flag in chrome://flags or edge://flags.
2. If available, set the site to Allow under the browser’s Local network access site permission.
3. On managed devices, deploy an allowlist policy such as LocalNetworkAccessAllowedForUrls for your internal web app URL(s).
4. In Edge, consider a temporary opt-out policy during rollout and testing, then move to a proper allowlist.

If you want, paste the exact internal URL patterns your web app uses (and whether it calls printers, localhost services, or private subnets) and I can generate a hardened allowlist strategy plus ready-to-paste GPO and Intune configuration text for both Chrome and Edge.

“`