topic AuthNet Hosted iFrame broken for VPN users in Chrome 142+ in Integration and Testing https://community.developer.cybersource.com/t5/Integration-and-Testing/AuthNet-Hosted-iFrame-broken-for-VPN-users-in-Chrome-142/m-p/95171#M58791 <P>We are finding that users on a VPN (or anyone on a private network) are unable to use the Hosted Authnet iFrame on our site.&nbsp;We are specifically using the iframe delivered from `/customer/addPayment`. I know Chrome 142 tightened enforcement of the Local Network Access spec, blocking cross-origin requests to private networks, and we haven't been able to figure out how to work around it yet.</P><P>We have added the `allow="local-network-access"` permission attribute to the iframe on our end, as well as updated CORS settings on our side, but we find it's insufficient without the corresponding server-side header. The missing piece appears to be on the AuthNet side: `Access-Control-Allow-Private-Network: true`.</P><P>Is there something we're missing to restore full functionality for these users on VPNs, or do we need an update from AuthNet?</P> Thu, 30 Apr 2026 14:02:45 GMT prlcasey 2026-04-30T14:02:45Z AuthNet Hosted iFrame broken for VPN users in Chrome 142+ https://community.developer.cybersource.com/t5/Integration-and-Testing/AuthNet-Hosted-iFrame-broken-for-VPN-users-in-Chrome-142/m-p/95171#M58791 <P>We are finding that users on a VPN (or anyone on a private network) are unable to use the Hosted Authnet iFrame on our site.&nbsp;We are specifically using the iframe delivered from `/customer/addPayment`. I know Chrome 142 tightened enforcement of the Local Network Access spec, blocking cross-origin requests to private networks, and we haven't been able to figure out how to work around it yet.</P><P>We have added the `allow="local-network-access"` permission attribute to the iframe on our end, as well as updated CORS settings on our side, but we find it's insufficient without the corresponding server-side header. The missing piece appears to be on the AuthNet side: `Access-Control-Allow-Private-Network: true`.</P><P>Is there something we're missing to restore full functionality for these users on VPNs, or do we need an update from AuthNet?</P> Thu, 30 Apr 2026 14:02:45 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/AuthNet-Hosted-iFrame-broken-for-VPN-users-in-Chrome-142/m-p/95171#M58791 prlcasey 2026-04-30T14:02:45Z