chrome-php / chrome

Instrument headless chrome/chromium instances from PHP
MIT License
2.29k stars 279 forks

Question around security and persistent browser #667

Closed NJPod closed 1 day ago

NJPod commented 4 days ago

Hi,

We generate PDFs using chrome-php and keep a persistent browser. This is behind an API. A request is made with the data to generate a PDF with and we return the base64. We create a new page for each request.

I am wondering if there are any potential issues with leaking of data between requests for different client PDFs? i.e. we don't want to somehow expose data from one client to another.

The browser creates a tmp directory for userDataDir but we aren't browsing any external websites so I don't think there is an issue there.

Any advice on this would be appreciated.

Thanks.

enricodias commented 4 days ago

If you have full control of the websites being accessed and can ensure they don't have any issues, I wouldn't worry. But you can always create a new chrome process for every user if you have any concerns about this. You could leave the browser running and only restart it after the pdf has been created if the startup time is an issue.

NJPod commented 4 days ago

Thanks for the reply.

We are keeping the browser persistent because we are sometimes seeing chrome taking a while to launch. We aren't visiting any websites. We are generating HTML based on customer data sent in JSON and then using chrome to create the PDF from the HTML.

I think the concern is if the generated HTML were to somehow leak between two requests for different customer data. I can't say I see it but I could be wrong! We don't save the HTML or the PDF.

enricodias commented 4 days ago

I don't think there would be any security issues on chrome's side, your application is more likely to have those issues than a maintained popular browser. If you are not using chrome's local storage, cookies or anything like it I don't see how data could leak like that.
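The pattern discussed above (one long-lived browser, a fresh page per request that is closed when the request ends, and the option to recycle the browser process periodically) as an added PHP example. This is not code from chrome-php or from the people in this thread; the `PdfRenderer` class, its method names and the `maxRendersPerBrowser` limit are this example's own, and it assumes `chrome-php/chrome` installed via Composer, PHP 8.1 or newer, and a Chromium binary reachable as `chromium-browser`.

```php
<?php
// Added example, not chrome-php's own code. One persistent browser, one
// fresh page per request (closed in `finally`), browser recycled after a
// fixed number of renders. Class/method names and the render limit are
// assumptions of this example.

declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use HeadlessChromium\Browser;
use HeadlessChromium\BrowserFactory;

final class PdfRenderer
{
    private ?Browser $browser = null;
    private int $rendersSinceStart = 0;

    public function __construct(
        private readonly int $maxRendersPerBrowser = 100,   // recycle after N PDFs (assumed value)
        private readonly string $chromeBinary = 'chromium-browser',
    ) {}

    /** Start (or restart) the browser with its own throwaway profile directory. */
    private function browser(): Browser
    {
        if ($this->browser === null || $this->rendersSinceStart >= $this->maxRendersPerBrowser) {
            $this->shutdown();
            $factory = new BrowserFactory($this->chromeBinary);
            $this->browser = $factory->createBrowser([
                'headless'    => true,
                // Dedicated, random userDataDir: no cookies/localStorage shared
                // with any other Chrome profile on the host.
                'userDataDir' => sys_get_temp_dir() . '/pdf-profile-' . bin2hex(random_bytes(8)),
                'customFlags' => ['--disable-extensions'],
            ]);
            $this->rendersSinceStart = 0;
        }
        return $this->browser;
    }

    /** Render one customer's data to a base64 PDF on a page that lives only for this call. */
    public function render(array $customerData): string
    {
        $html = self::buildHtml($customerData);
        $page = $this->browser()->createPage();
        try {
            $page->setHtml($html);
            return $page->pdf(['printBackground' => true])->getBase64();
        } finally {
            // Close the tab even if rendering throws, so no DOM from this
            // request outlives it inside the shared browser process.
            $this->rendersSinceStart++;
            $page->close();
        }
    }

    public function shutdown(): void
    {
        if ($this->browser !== null) {
            $this->browser->close();
            $this->browser = null;
        }
    }

    /** Escape every customer-supplied value before it is placed in markup. */
    private static function buildHtml(array $data): string
    {
        $rows = '';
        foreach ($data as $key => $value) {
            $rows .= sprintf(
                '<tr><th>%s</th><td>%s</td></tr>',
                htmlspecialchars((string) $key, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
                htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8')
            );
        }
        return '<!doctype html><html><body><table>' . $rows . '</table></body></html>';
    }
}

// Usage: two unrelated requests share the Chrome process but never a page.
$renderer = new PdfRenderer();
$pdfA = $renderer->render(['customer' => 'Alice', 'total' => '42.00']);       // constructed input
$pdfB = $renderer->render(['customer' => 'Bob', 'note' => '<b>plain text</b>']); // constructed input
$renderer->shutdown();
```

Closing the page in `finally` is what keeps a failed render from leaving a tab (and its document) behind in the shared process; the periodic restart covers the startup-time concern from the thread by paying the launch cost once every `maxRendersPerBrowser` requests rather than on every request. Escaping the customer values in `buildHtml` is the application-side check the thread points at: the data reaches Chrome only as text, never as markup.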

NJPod commented 1 day ago

Thanks @enricodias for your time.