CORS Issue with Local Nakama Server and Unity WebGL(HTTP)

Local Setup
,
1

Hello,

I have trouble with CORS when authenticating to get a session with the Nakama server running on localhost.

Is it possible to fix this issue without HTTPS?

Thank you!

{Details}

  • Unity WebGL game is hosted on EC2 (HTTP).
  • Nakama server is running locally (HTTP).
        private async UniTask ConnectAsync(string scheme, string host, int port, string serverKey)
        {
            //WebGL 가이드 - https://github.com/heroiclabs/nakama-unity?tab=readme-ov-file 참고
#if UNITY_WEBGL && !UNITY_EDITOR
            IClient client = new Client(scheme, host, port, serverKey, UnityWebRequestAdapter.Instance);
#else
            IClient client = new Client(scheme, host, port, serverKey);
#endif
            ISocket socket = client.NewSocket(useMainThread: true);

            string deviceId = PlayerPrefs.GetString(NakamaConstants.DeviceIdKey);

            if (string.IsNullOrWhiteSpace(deviceId))
            {
                deviceId = Guid.NewGuid().ToString();
            }

            ISession session = await AuthenticateDeviceId(client, deviceId);

            IApiAccount account = null;
            account = await client.GetAccountAsync(session);

            _connection.Init(client, socket, session, account);

            await socket.ConnectAsync(session);
        }

        private async UniTask<ISession> AuthenticateDeviceId(IClient client, string deviceId)
        {
            string authToken = PlayerPrefs.GetString(NakamaConstants.AuthTokenKey, null);
            string refreshToken = PlayerPrefs.GetString(NakamaConstants.RefreshTokenKey, null);

            ISession session = null;

            if (!string.IsNullOrEmpty(authToken))
            {
                session = Session.Restore(authToken, refreshToken);

                if (session.HasExpired(DateTime.UtcNow.AddDays(1)))
                {
                    try
                    {
                        session = await client.SessionRefreshAsync(session);
                    }
                    catch (ApiResponseException ex)
                    {
                        Log.ErrorFormat("Failed to refresh session: {0}. Try to get a new refresh token.", ex);
                        session = await client.AuthenticateDeviceAsync(deviceId);
                        PlayerPrefs.SetString(NakamaConstants.RefreshTokenKey, session.RefreshToken);
                    }

                    PlayerPrefs.SetString(NakamaConstants.AuthTokenKey, session.AuthToken);
                }
            }
            else
            {
                session = await client.AuthenticateDeviceAsync(deviceId);
                PlayerPrefs.SetString(NakamaConstants.AuthTokenKey, session.AuthToken);
                PlayerPrefs.SetString(NakamaConstants.RefreshTokenKey, session.RefreshToken);
            }

            return session;
        }

Access to fetch at 'http://127.0.0.1:7350/v2/account/authenticate/device?create=true&' 
from origin 'http://{my_ip}:{port}' has been blocked by CORS policy: 
The request client is not a secure context and the resource is in more-private address space `local`.
2

OK, I found that this issue is about the ‘Private Network Access (PNA)’ CORS error.

So I published my WebGL app over HTTPS, and I could solve the problem.