
InsecurePrivateNetworkRequestsAllowed

Specifies whether to allow websites to make requests to more-private network endpoints in an insecure manner
Last updated October 8, 2024

Controls whether websites are allowed to make requests to more-private network endpoints in an insecure manner.

When this policy is set to true, all Private Network Access checks are disabled for all origins. This may allow attackers to perform CSRF attacks on private network servers.

When this policy is either not set or set to false, the default behavior for requests to more-private network endpoints will depend on the user's personal configuration for the BlockInsecurePrivateNetworkRequests, PrivateNetworkAccessSendPreflights, and PrivateNetworkAccessRespectPreflightResults feature flags, which may be set by field trials or on the command line.

This policy relates to the Private Network Access specification. See https://wicg.github.io/private-network-access/ for more details.

A network endpoint is more private than another if:
1) Its IP address is localhost and the other is not.
2) Its IP address is private and the other is public.

In the future, depending on spec evolution, this policy might apply to all cross-origin requests directed at private IPs or localhost. When this policy is set to true, websites are allowed to make requests to any network endpoint, subject to other cross-origin checks.
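The "more private" relation described above can be checked mechanically when auditing which requests would lose Private Network Access checks if this policy were set to true. The following is an added example, not code from Chrome or from this page; the address ranges, function names and sample pairs are assumptions made for illustration.

```python
import ipaddress
from enum import IntEnum

class Space(IntEnum):
    """Address spaces ordered from least to most private."""
    PUBLIC = 0
    PRIVATE = 1
    LOCAL = 2  # localhost

# Assumed ranges (common loopback, RFC 1918, link-local and IPv6 ULA blocks);
# the Private Network Access specification is authoritative.
_LOCAL = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
_PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

def _in(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)

def address_space(ip):
    addr = ipaddress.ip_address(ip)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if _in(addr, _LOCAL):
        return Space.LOCAL
    if _in(addr, _PRIVATE):
        return Space.PRIVATE
    return Space.PUBLIC

def is_more_private(target_ip, initiator_ip):
    """Rule 1: localhost vs. anything else; rule 2: private vs. public."""
    return address_space(target_ip) > address_space(initiator_ip)

def unchecked_when_policy_true(requests):
    """(initiator, target) pairs that lose Private Network Access checks."""
    return [(i, t) for i, t in requests if is_more_private(t, i)]

# Constructed sample: (IP the page was loaded from, IP the request targets).
# 203.0.113.10 is a documentation address standing in for a public site.
SAMPLE = [
    ("203.0.113.10", "192.168.1.1"),      # public -> private
    ("203.0.113.10", "127.0.0.1"),        # public -> localhost
    ("192.168.1.20", "127.0.0.1"),        # private -> localhost
    ("192.168.1.20", "10.0.0.5"),         # private -> private: not more private
    ("127.0.0.1", "203.0.113.10"),        # localhost -> public: less private
    ("203.0.113.10", "::ffff:10.0.0.5"),  # public -> IPv4-mapped private
]
```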

Supported On:
Platform                       Start  End
Android                        92
Chrome (Windows, Mac, Linux)   92
ChromeOS                       92
webview_android                92

Example value:

false

Features: