From 7cd29c068d65e3683e61d3200487b885debb9f13 Mon Sep 17 00:00:00 2001
From: Frank Tackitt
Date: Tue, 19 Jul 2022 11:25:18 -0700
Subject: [PATCH] authorization: set private network CORS header

In the future, an `Access-Control-Request-Private-Network` header will be sent with these requests, and servers must respond with `Access-Control-Allow-Private-Network`. This will start with the next Chrome version (104), and Mozilla has marked the standard as "worth prototyping", which often leads to final implementation.

Signed-off-by: Franklyn Tackitt
---
 moonraker/components/authorization.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index 793d81c..d020598 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -799,6 +799,11 @@ class Authorization:
 "Origin, Accept, Content-Type, X-Requested-With, "
 "X-CRSF-Token, Authorization, X-Access-Token, "
 "X-Api-Key")
+ if req_hdlr.request.headers.get(
+ "Access-Control-Request-Private-Network", None) == "true":
+ req_hdlr.set_header(
+ "Access-Control-Allow-Private-Network",
+ "true")

 def cors_enabled(self) -> bool:
 return self.cors_domains is not None
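Review bot: The added `Access-Control-Allow-Private-Network: true` response is the opt-in that lets a page served from a public origin reach this server on a private address, so it must only be emitted for an origin that has already passed the `cors_domains` check, and the hunk does not show that guard. The enclosing method starts outside the hunk and the indentation is lost in this view. The new lines follow the `Access-Control-Allow-Headers` call directly, so they are probably inside the same approved-origin branch, but please confirm. If they are, a comment above the `if` would record the intent, e.g. `# Private Network Access opt-in: only reached for origins accepted by cors_domains`. A broad `cors_domains` entry would extend this opt-in to every matching site, which is worth stating in that option's documentation.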