Chrome will start sending a CORS preflight request ahead of any private network request for a subresource, which asks for explicit permission from the target server. This preflight request will carry a new header, Access-Control-Request-Private-Network: true , and the response to it must carry a corresponding header, Access-Control-Allow-Private-Network: true .
Just putting this out here so these new headers can be accounted for. Is this something that Dgraph will do or is this left on the end users to fix somehow?