CORS issue with chromium-based browser

[dmunozv04]

Which version of LM Studio?
LM Studio 0.3.9 (Build 3)

Which operating system?
macOS

What is the bug?
When making a CORS request to the openai-like api on a chromium-based browser, the request will fail indicating a CORS error. This seems to be related to the Access-Control-Allow-Private-Network https://wicg.github.io/private-network-access/#headers
This happens when the server is started with the Enable CORS setting enabled. Using a reverse proxy and adding the header with the value true manually seems to solve the issue.

Screenshots

Logs

2025-02-02 23:09:14  [INFO] 
[LM STUDIO SERVER] Received OPTIONS request. {}
2025-02-02 23:09:14  [INFO] 
[LM STUDIO SERVER] Received OPTIONS request. {}
2025-02-02 23:09:15  [INFO] 
[LM STUDIO SERVER] Received OPTIONS request. {}

Chrome console error:

Access to fetch at 'http://localhost:1234/v1/chat/completions' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Private-Network' header was present in the preflight response for this private network request targeting the `local` address space.

To Reproduce
Steps to reproduce the behavior:

1. Launch lmstudio, enable the api server and enable CORS
2. Make a request to it from a chromium-based browser that would require CORS (file:/// requests won't show the same behavior)
3. The network logs show an error

[yagil]

Thanks @dmunozv04 a couple of quick questions:

1. which browser exactly was this?
2. was the request made from another localhost webapp or something on the internet?

[dmunozv04]

The request was made on chrome for macOS v134, on a website on the internet

[dmunozv04]

@yagil You can easily reproduce the error by going into the browser console on any domain that isn't local, and running the following line:
fetch("http://localhost:1234/v1/chat/completions")