Isolated Web App manifests now require specific "local-network" and/or "loopback-network" permission policies to enable Direct Sockets connections to local or loopback network addresses, respectively. This change replaces the existing "direct-sockets-private" permission policy. This provides developers with more granular control over network access and enhances application security by making network requirements more transparent within the manifest.
This change introduces essential user consent before granting potentially sensitive network access to IWAs, aligning with the principle of least privilege. The granular manifest policies ensure that apps only request the specific network access they need.