Web requests failing in latest versions of Chrome/...

tarockx · ‎01-07-2026

Hello everyone.

I wanted to bring attention to an issue that I have not seen discussed much, but that since about a month ago is affecting every Chrome/Edge user that interacts with custom visuals that make rest calls to a backend service (and ask if anyone has a solution as of now).

I have already reported the issue on github and via e-mail to Microsoft, but didn't get much useful feedback. In short, here is the issue summed up:

Since Chrome v142 (and equivalent Edge version), Google introduced the Local Network Access restrictions feature, which limits how a public website can interact with local web resources (i.e.: making REST calls to either "localhost" or a private network addresses like 10.x.x.x or 192.x.x.x)

In a normal scenario this just means that to make such calls the user needs to approve the request via a popup dialog, which would be fine.

However, this doesn't work for power bi custom visuals (even if the appropriate "WebAcces" privilege is declared in capabilities.json), because custom visuals are hosted inside a sandboxed iframe, and the Power Bi service is not setting the

sandbox="local-network-access"

attribute on the iframe, which is required for the popup to be displayed and the user to be able to approve the request.

What happens instead is that the rest call is just terminated, with the following error:

Does anyone have a proper solution to this? I already know the Local Network Access restrictions can be disabled via a Chrome flag, but that is just a temporary workaround, not really a solution.

I have already contacted Microsoft about this and they said they were "investigating the issue", but almost two months have passed since then and I haven't got any feedback back. If anyone else can help it would be greatly appreciated.

mohit_sakhare · ‎01-11-2026

This is a real and known platform-level issue and you are absolutely correct in your analysis.

What you are hitting is not a problem in your custom visual or its capabilities.json, but a Chrome / Edge security change (Local Network Access – LNA) combined with how Power BI hosts custom visuals inside sandboxed iframes. Because Power BI does not include the required sandbox="local-network-access" attribute on the iframe, the browser is unable to show the permission prompt and therefore blocks the request entirely. That is why the REST call fails silently with a CORS / blocked-by-client type error.

Unfortunately, there is currently no workaround that can be implemented inside a Power BI custom visual to fix this. Declaring WebAccess is not sufficient anymore — the browser enforcement happens before the visual ever gets a chance to run.

At this time, the only viable options are:

Move the backend behind a publicly reachable endpoint (Azure App Service, Azure Functions, API Management, etc.)
Use a Power BI supported data access mechanism (Power BI REST APIs, Fabric, dataflows, etc.)
Or temporarily disable LNA via browser flags (not suitable for production)

This is something Microsoft must fix by updating how Power BI Service embeds custom visuals (by adding the local-network-access sandbox permission), and it cannot be solved by visual developers.

Several ISVs are affected by this, so continuing to escalate this through GitHub, Fabric Ideas, and Microsoft support is currently the only path to resolution.