From 0fd053fa5f0320d59e09bf03640949315a101781 Mon Sep 17 00:00:00 2001
From: gohai <gottfried.haider@gmail.com>
Date: Tue, 16 Jun 2026 12:20:22 +0800
Subject: [PATCH] Add Local Network Access restrictions to iframe allow

See https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access for details. This still yields to the browser on whether or not to allow the actual request, but it adds the possibility to interface with a local host via CORS requests from within the iframe.
---
 client/modules/IDE/components/PreviewFrame.jsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/client/modules/IDE/components/PreviewFrame.jsx b/client/modules/IDE/components/PreviewFrame.jsx
index 434d18b786..2e1e4568e0 100644
--- a/client/modules/IDE/components/PreviewFrame.jsx
+++ b/client/modules/IDE/components/PreviewFrame.jsx
@@ -45,7 +45,7 @@ function PreviewFrame({ fullView, isOverlayVisible }) {
   const sandboxAttributes = `allow-forms allow-modals allow-pointer-lock allow-popups 
     allow-same-origin allow-scripts allow-top-navigation-by-user-activation allow-downloads`;
   const allow = `accelerometer; ambient-light-sensor; autoplay; bluetooth; camera; encrypted-media; geolocation; gyroscope; \
-    hid; microphone; magnetometer; midi; payment; usb; serial; vr; xr-spatial-tracking`;
+    hid; local-network-access; microphone; magnetometer; midi; payment; usb; serial; vr; xr-spatial-tracking`;
 
   return (
     <>