srvrguy
commented
6 days ago As a note for how the code currently works, based on my understanding:
If you are using a local version:
- version checking is not run
- converting to PDF uses shell commands (function asyncToPdf in HeadlessChrome.php, line 290+)
If you are using a remote version:
- version checking is run against the provided host (function jsonVersion in HeadlessChrome.php)
- converting to PDF calls jsonVersion() to grab the WebSocket URL and then calls printToPDF() (in HeadlessChrome.php)
The proposed change is only in the jsonVersion() function and will only affect remote Chrome configurations. Additionally, it only is for the one call to confirm the version and get the WebSocket URL. It doesn't affect the actual PDF creation flow for remote instances.
About the only configuration that would break with this change would be if someone has proxied the DevTools connection and is relying on the Host header to direct calls to the proxied Chrome instance. I can't really see that someone would be running such an exotic configuration, so I feel the proposed change would be fairly safe to implement.
nilmerg
Back in 2018, Google added some restrictions to their browser to prevent a security issue with DevTools where a malicious webpage may be able to control the browser. This issue was documented over at https://issues.chromium.org/issues/40090537 and the patch implementing the fix is at https://chromium-review.googlesource.com/c/chromium/src/+/952522
Unfortunately, this change breaks this module if you're using a remote DevTools instance. While the traditional setup would be to install Chrome locally on the system running Icinga Web, this is not possible with the official containers. For a container setup, you would be running Chrome DevTools in a container as well, and then configure the remote address.
The changes to Chrome, however, make this tricky. The patch checks the Host header of the request and will reject the request unless the value of the header is an IP or one of the hardcoded options that would normally resolve to "localhost". While you can configure the module to use an IP, these are often dynamically assigned on container start by the container engine or Kubernetes networking. Using a service name is stable, but trips against the host header issue.
I had previously submitted a PR (#71), but this was not approved. I do understand since hardcoding a host header of "localhost" does potentially break things. It's not specific to containerized setups, as was mentioned there, since you can run a remote Chrome instance on a plain VM or even bare-metal if you want and don't want to rely on a static IP.
There is one other alternative, which I'm proposing here before submitting another PR. The comments on the Chrome patch note that it is expected that "non-browser automation software" will not send a Host header as a full browser would.
I propose adjusting the code so that the Host header is explicitly removed from the request. This should safely continue working for all setups, and will allow remote Chrome versions higher than 65 to function when the remote host is configured as a DNS name instead of an IP.
If this is acceptable, I can provide a new PR, or adjust my existing PR for the behavior I am proposing.