see https://developer.chrome.com/blog/private-network-access-preflight/
Looks like they finally updated Chrome to block private network access if the request answerer (AnkiConnect) doesn't add the header to allow it.
It still works offline in Chrome, and online in Firefox and Edge, see the readme -> Troubleshooting section.
A solution to this would be patching AnkiConnect to add a setting in the config to set the Access-Control-Allow-Private-Network header to true.
They seem to recommend not using the API on a webpage due to the possibility of malicious websites changing your decks, though that is a pretty unlikely event (and not possible on my website, since it's open source and only doing very specific requests).
So, it would at least be nice to have the option to allow this.
see https://developer.chrome.com/blog/private-network-access-preflight/ Looks like they finally updated Chrome to block private network access if the request answerer (AnkiConnect) doesn't add the header to allow it. It still works offline in Chrome, and online in Firefox and Edge, see the readme -> Troubleshooting section.
A solution to this would be patching AnkiConnect to add a setting in the config to set the
Access-Control-Allow-Private-Networkheader to true.There are already a few issues in AnkiConnect about similar things related to CORS: https://github.com/FooSoft/anki-connect/issues?q=is%3Aissue+CORS
e.g. this one: https://github.com/FooSoft/anki-connect/issues/201
They seem to recommend not using the API on a webpage due to the possibility of malicious websites changing your decks, though that is a pretty unlikely event (and not possible on my website, since it's open source and only doing very specific requests). So, it would at least be nice to have the option to allow this.