浏览器内网域名请求跨域,has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`

浏览器内网域名请求跨域 private

报错示例

Access to XMLHttpRequest at 'http://xxx-api.com/custom/register' 
from origin 'http://xxx-api-front.com' has been blocked by CORS policy: 
The request client is not a secure context and the resource is in more-private address space `private`.

原因

访问内网，局域网，域名

I finally found the answer, in this RFC about CORS-RFC1918 from a Chrome-team member. 
To sum it up, Chrome has implemented CORS-RFC1918, 
which prevents public network resources from requesting private-network resources - unless the public-network resource is secure (HTTPS) 
and the private-network resource provides appropriate (yet-undefined) CORS headers.

Access-Control-Allow-Private-Network: true

解决方案

谷歌搜搜 in more-private address space private
https://stackoverflow.com/questions/66534759/cors-error-on-request-to-localhost-dev-server-from-remote-site

There's also a Chrome flag you can change to disable the new behavior for now: 
chrome://flags/#block-insecure-private-network-requests
Disabling that flag does mean you're re-opening the security hole that Chrome's new behavior is meant to close.
 
just a Chrome client way to ignore this warning and make assets accessable:
1: go to chrome://flags/#block-insecure-private-network-requests
2: set Block insecure private network requests to Disabled
Note: this just works fine when you're in your own computer or your dev environment
如果搜不到 上面这个设置参数 试试这个
Try chrome://flags/#allow-insecure-localhost
Set to Enabled
Restart Chrome