Observe Chrome's public-origin → loopback-companion behavior. This page changes nothing and stores nothing. Pair it with DevTools + the companion log — see README.md.
…… (PNA/LNA requires a secure context; a *.pages.dev origin is secure & public — the exact production condition)…querying… (LNA model exposes this as prompt / granted / denied; "unsupported" ⇒ this Chrome uses classic PNA, not the permission model)…https://local.filescore.app:8788 once that DNS+cert exists — re-run the same probes and compare. No code change needed.Promise.race + 8000ms timer that fires even if the fetch never settles — mirrors companionClient.ts request()). Probe 2 is a bare fetch so you can see the browser's native settle time (does it reject fast, or hang?). Probe 3 adds Authorization+Content-Type, forcing a CORS preflight on top of PNA.| # | Probe | Target | Gesture | Elapsed | Settled as | HTTP | Detail | Inference |
|---|
Reminder: what JavaScript can see here (settle time, error name, status) is only half the picture. The ground truth — did a socket open, did a preflight appear, did the companion log the request, did a permission chip appear — lives in DevTools → Network, chrome://net-internals, the companion's stdout, and the address bar. Follow README.md.