With the release of Chrome 142, Box users will be prompted to allow or block local network access when a website tries to connect to a software app on your local machine.
Box relies on this mechanism to communicate with the Box Tools software on the same device for features like Open in Desktop, Device Trust posture checks for user logins, and CAC/PIV signature workflows. Because the Box web app relies on local communication with Box Tools, if the user does not grant permission, these features will stop working.
This Chrome prompt is used only for authentication. Box will not access or read information from other devices on your local network. It communicates only with the device where Device Trust, Box Edit, or CAC/PIV signature workflows are being used.
Below are the details of the user impact and the actions admins or end users can take to prevent this disruption.
Impact to end users if permission is blocked or not granted
Users may see an unexpected browser permission prompt asking for local network access, and selecting “Block” will impact the following Box capabilities:
- Box Edit (“Open in Desktop App”) will no longer function
- Device Trust login flows will fail—users may be unable to log in to box.com
- CAC/PIV signature workflows will not complete
Admin action required to suppress prompt via Trusted Domains
To prevent users from seeing the prompt and ensure seamless operation, administrators in managed Chromium environments can pre-grant local network access to trusted WebApp domains via policy. Google’s enterprise policy framework supports this, allowing admins to pre-grant or pre-deny local network access for specific site origins.
You can specify which trusted domains are allowed to make local network requests by setting LocalNetworkAccessAllowedForUrls. To ensure Box features work seamlessly, add the following domains to the allowed list:
- "*.box.com"
- "*.box.net"
- "*.boxcn.net"
- "*.boxcdn.net"
- "*.boxenterprise.net"
This allows Box Tools to function smoothly without prompting end users, while still restricting access for other sites.
Admins should plan to insert Box domains into LocalNetworkAccessAllowedForUrls ahead of the Chromium 142 rollout.
Note: Deploying the managed LocalNetworkAccessAllowedForUrls policy will override any prior per-user deny state and enforce the allow setting once the policy is applied to the device/profile; no end-user action is required after policy propagation. To learn more about this policy from Google, see here.
End user instructions to allow access
If you are prompted with this action “Look for and connect to any device on your local network” in a Box domain, click Allow.
If you already declined, you can re-enable it as follows:
- Copy and paste chrome://settings/content/localNetworkAccess into your browser’s address bar or navigate to this setting:
- In Chrome, select the three vertically stacked dots in the upper right to bring up Chrome’s menu.
- Near the bottom of the menu, select Settings > Privacy and security > Site Settings.
- At the bottom of the Permissions section, in the middle of the page, select Additional Permissions > Local network access.
- Next to “Allowed to connect to any device on your local network,” select Add.
- In the text box that appears, add the following to the list:
- [*.]box.com
- [*.]box.net
- [*.]boxcn.net
- [*.]boxcdn.net
- [*.]boxenterprise.net
- After granting permission, refresh the browser and retry your operation.
Note: If you are working in a managed environment, please reach out to your Box admin for help to configure your environment. Here are a couple ways to tell if you are in a managed environment:
- When you enter Chrome's Settings and select Privacy and security, you may see a message that says “Your browser is managed by [organization].”
- If the text box that appears after you select Add (to add to the “Allowed to connect to any device on your local network” list) is not editable, you are working in a managed environment.
If you have any questions or concerns regarding this functionality and your organization, please reach out to your account team or Product Support team for help.