Citrix UCSDK optimization relies on a Citrix JavaScript library (UCSDK JS (or) WebRTC JS) that third-party vendors integrate directly into their web applications. When a user launches the web application inside the VDA browser, this integrated UCSDK executes and attempts to establish a WebSocket connection to the Citrix WebSocket Service running locally on the VDA's loopback address (127.0.0.1:9002). This connection acts as the signaling bridge required to offload media processing to the user's physical endpoint.

Starting with Google Chrome 147 and Microsoft Edge 147, new security measures known as Local Network Access (LNA) restrictions have been enforced on WebSockets. These restrictions are designed to prevent public websites from silently making requests to local or private IP addresses.

As a result of this browser change:

• When the UCSDK embedded in the web application attempts to connect to 127.0.0.1:9002, the browser triggers a prompt asking the user to grant the site permission to access the local network.
• If the user clicks No/Deny, the WebSocket connection is blocked.
• If an organization uses policies that automatically suppress or deny browser permission prompts, the connection is silently blocked without the user's knowledge.
• Once the WebSocket connection is blocked, the UCSDK cannot communicate with the Citrix VDA. The optimization fails, causing the application to fall back to unoptimized server-side rendering or fail to route audio/video entirely.

For more information on this Chromium engine change, review the following vendor documentation:

• Google Chrome: Chrome 147 Release Notes and the Chromium Platform Status tracker.
• Microsoft Edge: Microsoft Edge 147 web platform release notes

To ensure seamless optimization and prevent the permission prompt from appearing, administrators must configure browser enterprise policies to explicitly allow their UC application URLs to bypass the LNA checks.

Both Google Chrome and Microsoft Edge use the LocalNetworkAccessAllowedForUrls policy to manage this exception. You must add the specific URLs of your unified communications applications (for example: [*.]my.connect.aws, [*.]five9.com, [*.]twilio.com, etc.,) to this policy list. 

Because these policies are managed by the browser vendors, Citrix recommends reviewing the official Microsoft and Google documentation for specific instructions on how to deploy these configurations in your environment:

• Google Chrome: LocalNetworkAccessAllowedForUrls (Chrome Enterprise Policy List)
• Microsoft Edge: LocalNetworkAccessAllowedForUrls (Microsoft Edge Browser Policies)

Users accessing web-based Unified Communications (UC) and Contact Center as a Service (CCaaS) applications optimized via the Citrix Unified Communications SDK (UCSDK) may experience optimization failure. Impacted web-based platforms may include Amazon Connect, Microsoft Dynamics 365, Zoom Web App, Sprinklr, Five9, Twilio Flex, Talkdesk, Content Guru, RingCentral, Intermedia and 8x8 Work for Web. See the complete list of UCSDK supported vendors in Citrix UCSDK documentation

This occurs after updating the Virtual Delivery Agent (VDA) browser to Google Chrome 147 or Microsoft Edge 147. These browser versions introduce a new permission prompt for "Local Network Access restrictions for WebSockets". If a user denies this prompt, or if enterprise security policies automatically suppress browser prompts, the underlying WebSockets are blocked, and UCSDK optimization fails.