Description
Describe the solution you'd like
Improve router CORS feature to support Access-Control-Request-Private-Network capability.
This was added to the tower CORS support in version 0.4.2 back in 2023.
https://docs.rs/tower-http/latest/tower_http/cors/struct.AllowPrivateNetwork.html
Chrome's Private Network Access (PNA) for non-secure contexts deprecation trial is ending soon. see: https://developer.chrome.com/blog/pna-permission-prompt-ot-end
When complete:
all private network requests will only work if the endpoint opts in by responding to a preflight request.
Describe alternatives you've considered
There is none.
Additional context
This change will allow additional options for developer experience when running Router locally. For local development serving a /graphql endpoint, and using a website that allows to point to make requests against that local graphql endpoint - either the customers, or simply Apollo explorer or router -- allowing your customers using this this will allow hitting a local endpoint without encountering CORS issues.
