From 24070be57ca1fc8a80c35e5f1711796ba70c282c Mon Sep 17 00:00:00 2001
From: Marcelo Serrano <marcelo@dive.games>
Date: Wed, 15 Jun 2022 14:35:12 -0300
Subject: [PATCH] Adding 'Access-Control-Allow-Private-Network = true' header
 for new google chrome specification

---
 flask_cors/core.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/flask_cors/core.py b/flask_cors/core.py
index 93c7529..6b3b24d 100644
--- a/flask_cors/core.py
+++ b/flask_cors/core.py
@@ -29,10 +29,12 @@
 ACL_EXPOSE_HEADERS = 'Access-Control-Expose-Headers'
 ACL_CREDENTIALS = 'Access-Control-Allow-Credentials'
 ACL_MAX_AGE = 'Access-Control-Max-Age'
+ACL_RESPONSE_PRIVATE_NETWORK = 'Access-Control-Allow-Private-Network'
 
 # Request Header
 ACL_REQUEST_METHOD = 'Access-Control-Request-Method'
 ACL_REQUEST_HEADERS = 'Access-Control-Request-Headers'
+ACL_REQUEST_HEADER_PRIVATE_NETWORK = 'Access-Control-Request-Private-Network'
 
 ALL_METHODS = ['GET', 'HEAD', 'POST', 'OPTIONS', 'PUT', 'PATCH', 'DELETE']
 CONFIG_OPTIONS = ['CORS_ORIGINS', 'CORS_METHODS', 'CORS_ALLOW_HEADERS',
@@ -188,6 +190,10 @@ def get_cors_headers(options, request_headers, request_method):
     if options.get('supports_credentials'):
         headers[ACL_CREDENTIALS] = 'true'  # case sensative
 
+    if ACL_REQUEST_HEADER_PRIVATE_NETWORK in request_headers \
+            and request_headers.get(ACL_REQUEST_HEADER_PRIVATE_NETWORK) == 'true':
+        headers[ACL_RESPONSE_PRIVATE_NETWORK] = 'true'
+
     # This is a preflight request
     # http://www.w3.org/TR/cors/#resource-preflight-requests
     if request_method == 'OPTIONS':