[msal-v5] Add local-network-access iframe attribute for Chrome 142+ compatibility

[Copilot]

Chrome 142 enables Local Network Access Restrictions by default, causing ssoSilent() to fail with BrowserAuthError: monitor_window_timeout when the iframe cannot access authorization servers on local networks.

Changes

• lib/msal-browser/src/interaction_handler/SilentHandler.ts: Added allow="local-network-access *" attribute to iframe created in createHiddenIframe()
• lib/msal-browser/test/interaction_handler/SilentHandler.spec.ts: Added test verifying the allow attribute is set correctly
• change/@azure-msal-browser-*.json: Beachball changefile for patch release with PR link #8132
• lib/msal-browser/docs/iframe-usage.md: Added documentation in the "Browser restrictions" section explaining Chrome 142+ Local Network Access Restrictions and how MSAL addresses them

Technical Details

function createHiddenIframe(): HTMLIFrameElement {
    const authFrame = document.createElement("iframe");
    // ... existing attributes ...
    authFrame.setAttribute("allow", "local-network-access *");  // Added
    document.body.appendChild(authFrame);
    return authFrame;
}

This replicates PR #8128 changes to the msal-v5 branch. The test was adapted to match msal-v5's function signature (4 parameters vs 5 in dev).

Documentation

Added to iframe-usage.md:

• Chrome 142+ enables Local Network Access Restrictions by default
• This affects ssoSilent() when the iframe needs to access authorization servers on local networks
• MSAL includes the allow="local-network-access *" iframe attribute to address this restriction
• Users may still need to consent to local network access in their browser, but the authentication flow will no longer timeout

References

• Upstream PR: Add local-network-access iframe attribute for Chrome 142+ compatibility #8128
• Chrome Feature: Local Network Access
• Related Issue: ssoSilent fails in upcoming version of Chrome (142) #8100

[!WARNING]

This pull request was created as a result of the following prompt from Copilot chat.

Replicate the changes from PR #8128 (Add local-network-access iframe attribute for Chrome 142+ compatibility) so that they target the msal-v5 branch instead of dev. Ensure that all changes, including any new tests, documentation, or code modifications related to the local-network-access iframe attribute for Chrome 142+ compatibility, are included as they are in the merged PR #8128.

Original prompt

Replicate the changes from PR #8128 (Add local-network-access iframe attribute for Chrome 142+ compatibility) so that they target the msal-v5 branch instead of dev. Ensure that all changes, including any new tests, documentation, or code modifications related to the local-network-access iframe attribute for Chrome 142+ compatibility, are included as they are in the merged PR #8128.

This pull request was created as a result of the following prompt from Copilot chat.

Replicate the changes from PR #8128 (Add local-network-access iframe attribute for Chrome 142+ compatibility) so that they target the msal-v5 branch instead of dev. Ensure that all changes, including any new tests, documentation, or code modifications related to the local-network-access iframe attribute for Chrome 142+ compatibility, are included as they are in the merged PR #8128.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull Request Overview

This PR backports Chrome 142+ compatibility changes from PR #8128 to the msal-v5 branch, adding support for Local Network Access restrictions that prevent ssoSilent() failures when iframes need to access authorization servers on local networks.

Key Changes

• Added allow="local-network-access *" iframe attribute to enable Chrome 142+ compatibility
• Added test coverage to verify the attribute is correctly set on iframes
• Included beachball changefile for patch release

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
lib/msal-browser/src/interaction_handler/SilentHandler.ts	Added allow="local-network-access *" attribute to iframe in createHiddenIframe() function to enable access to local network resources in Chrome 142+
lib/msal-browser/test/interaction_handler/SilentHandler.spec.ts	Added test case verifying the allow attribute is set to "local-network-access *" on created iframes
change/@azure-msal-browser-f58c5c6e-8433-4f07-9f71-6e58bab22ab2.json	Added beachball changefile for patch release documenting the Chrome 142 compatibility fix