With the release of Google Chrome 142, Microsoft Edge 143 and Firefox, Box users are prompted to allow or block local network access when a website tries to connect to software on their devices.
Box relies on this mechanism to communicate with the Box Tools software on the same device for features like Open in Desktop, Device Trust posture checks for user logins, and CAC/PIV signature workflows. Because the Box web app relies on local communication with Box Tools, if the user does not grant permission, these features will stop working.
This browser prompt is used only for authentication. Box will not access or read information from other devices on your local network. It communicates only with the device where Device Trust, Box Edit, or CAC/PIV signature workflows are being used.
Below are the details of the user impact and the actions admins or end users can take to prevent this disruption.
Impact to End Users if Permission is Blocked or Not Granted
Users may see an unexpected browser permission prompt asking for local network access. Selecting “Block” will impact:
- Box Edit (“Open in Desktop App”) will no longer function
- Device Trust login flows will fail — users may be unable to log in to box.com
-
CAC/PIV signature workflows will not complete
Admin Action Required to Suppress Prompt
Administrators in managed Chromium environments can pre-grant local network access to trusted domains so end users never see the prompt.
To learn more about this policy and guidance on configuration from Google, see here.
To learn more about this policy and guidance on configuration from Microsoft, see here.
Firefox has not yet published enterprise policy options for this configuration. This article will be updated once Mozilla publishes official guidance.
Allow the following domains under Local Network Access, along with the https scheme:
- *.box.com
- *.box.net
- *.boxcn.net
- *.boxcdn.net
- *.boxenterprise.net
Also allow any domain from which Box Web is embedded.
Be sure to save changes and allow the policy to propagate.
This same configuration can be set at the individual browser level for end users.
End User Instructions to Allow Access
Chrome & Edge
If you are prompted with “Look for and connect to any device on your local network” while using Box, click Allow.
To help, we’ve added in-app guidance (for Chrome & Edge) that explains this new browser behavior and walks you through allowing access. Box only communicates with Box Tools on your own device—it does not access other devices on your local network.
If you embed the Box Web app as an iframe in a website or webapp, the <iframe> embedding code must include the Chromium parameter allow="local-network-access*; clipboard-read*; clipboard-write*" so that the embedded Box Web app can request the Chromium users to grant permissions to access local network or clipboard.
Firefox
If you are prompted that the Box domain “wants access to other apps and services on your device”, click Allow. Box communicates only with Box Tools on your device, and does not access other devices on your local network.
If you want Firefox to always allow the Box domain to connect to local app and service and avoid future prompting, click “Remember my choice for this site“.
If you previously blocked access, you can update the setting by clicking the settings icon in the address bar and clearing the Blocked Temporarily permission.
To learn more about the Firefox permission setting, see here.
Managed Environment Indicators
You are likely in a managed environment if:
- Chrome settings show: “Your browser is managed by [organization]”
- The Add box under Local network access is grayed out / not editable
To learn more about this update, please read the product announcement. For any questions or concerns regarding this functionality and your organization, please reach out to your account team or Product Support team.