THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.3 |
01-Feb-23 |
Updated the Title, Problem Description, Background, Problem Symptom, and Workaround/Solution Sections |
1.1 |
31-Oct-22 |
Updated the Workaround/Solution Section |
1.0 |
07-Oct-22 |
Initial Release |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
Finesse Software |
12 |
12.5(1), 12.6(1) |
Finesse for Unified Contact Center Enterprise (UCCE) |
NON-IOS |
Cisco Virtualized Voice Browser Software Releases |
VVB 12 |
12.5(1), 12.6(1) |
|
NON-IOS |
Cisco Customer Voice Portal Software Releases |
CVP Ver 12 |
12.5(1), 12.6(1) |
|
NON-IOS |
Unified Contact Center Express Software |
Unified CCX 12 |
12.5(1) |
Finesse for Unified Contact Center Express (UCCX) |
NON-IOS |
Unified Contact Center Express Software |
Unified CCX 12 |
12.5(1) |
Customer Collaboration Platform (CCP) for UCCE and UCCX |
NON-IOS |
Cisco Unified Intelligent Contact Management Software Releases |
12 |
12.5(1), 12.5(2), 12.6(1) |
For UCCE/ICM/PCCE |
Defect ID | Headline |
---|---|
CSCwc13647 | Impact of Chrome deprecating direct access to private network endpoints on Finesse |
CSCwc93530 | Impact of Chrome deprecating Private Network Access on CVP |
CSCwc93693 | Impact of Chrome deprecating Private Network Access on VVB |
CSCwc80228 | CCP - Chrome Private Network Access |
CSCwc49008 | CCX- Impact of Chrome deprecating direct access to private network endpoints on Finesse |
CSCwc98312 | Impact of Chrome deprecating Private Network Access on CCE |
Chrome will deprecate direct access to private network endpoints, as part of the Private Network Access (PNA) specification, which begins from Chrome version 111. This is also applicable for Chromium-based browsers such as Microsoft Edge.
With Chrome version 111, Chrome will start to send a Cross Origin Resource Sharing (CORS) pre-flight request ahead of any private network request for a sub resource, as specified by the PNA specification which asks for explicit permission from the target server.
This pre-flight request will carry a new header, Access-Control-Request-Private-Network: true, and the response must carry a header that corresponds to it, Access-Control-Allow-Private-Network: true.
The aim is to protect users from Cross Site Request Forgery (CSRF) attacks that target routers and other devices on private networks.
When a web application tries to access a resource from a server that is in a "more" private network space (as defined in the Chrome Reference URL), the HTTP method to retrieve the resource will error out, and the corresponding page/UI component/widget and/or resource data will not load. The UI (depending on the web application) will likely display an error message which indicates the access failure.
For more details, refer to Chrome's Reference - Private Network Access: introducing preflights.
Note: At the time of publishing this article, these changes from the Chrome browser are planned from version 111, however ongoing changes can occur. Administrators are recommended to refer to the Chrome Rollout Plan for latest updates to this feature.
It is recommended to upgrade to fixed versions as mentioned in this section. In cases where an upgrade is not chosen, but administrative control over Chrome users is available, PNA checks can be disabled through a workaround that uses Chrome Enterprise policies.
Refer to these Chrome developer blogs related to this topic for more information on how this can be achieved.
In order to disable PNA checks, see:
For more details, see:
Component | Affected Version 12.5(1) | Affected Version 12.6(1) | Defect ID | 12.5 ES Patch URL | 12.6 ES Patch URL |
---|---|---|---|---|---|
UCCE/PCCE/ICM | Yes | Yes | CSCwc98312 | CCE 12.5(2) ES8 | CCE 12.6(1) ES45 |
CVP | Yes | Yes | CSCwc93530 | CVP 12.5(1) ES30 | CVP 12.6(1) ES17 |
VVB | Yes | Yes | CSCwc93693 | VVB 12.5(1) ES15 | VVB 12.6(1) ES |
Finesse | Yes | Yes | CSCwc13647 | Finesse 12.5(1) SU | Finesse 12.6(1) ES6 |
CCP | Yes | Not Applicable | CSCwc80228 | CCP 12.5(1) SU02 ES04 | Not Applicable |
CCX | Yes | Not Applicable | CSCwc49008 | CCX 12.5(1) SU02 ES04 | Not Applicable |
Note: For UCCE/PCCE/ICM 12.5(1), it is recommended upgrade to 12.5(2) MR and apply the 12.5(2) ES8 patch. If not, follow the information in this section.
For any further questions, contact the Cisco Technical Assistance Center (TAC).
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance