Localhost bypass

I have a ticket open for this, but I wanted to ask here as I’m not getting many answers.
I have a web app segment that works perfectly fine through ZPA. It is just port 80 to the internal FQDN. Although, there is a specific part of this web app that reaches out to a locally installed extension over http://locahost:5000/ to edit a file. This doesn’t work and throws a connection refused or ERR_FAILED error in the Chrome developer tools. I also see this in the dev tools. “has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local.” How can I best bypass this or get this working?

I’m pretty sure this is a ZPA problem as it works fine when using this web app on the local network when ZPA is off.

I’ve already tried creating a new app segment for “localhost” and doing a bypass, but that didn’t help.

Hi Kevin!
Have you reviewed the requirements for ZPA to accept CORS requests?

“ZPA accepts CORS requests if the requests are issued by one valid Browser Access domain to another Browser Access domain. The application server requires with credentials mode be added to the javascript. This is to allow the browser to pass cookies to the front-end JavaScript. The application server must also allow requests where the Origin header is set to null or to a valid Browser Access application.”
Be well,
Lisa

1 Like

I’m not a web dev, but know enough to be dangerous. I’m not really familiar with CORS and what that post means. But it seems to be related to the Zscaler browser access client. The issue I posted about is with using the client connector.

Ah, I’m sorry, my bad assumption! I don’t have any suggestions there, unfortunately - best bet is to open a support ticket so we can help debug it…