search

chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/
Other
3.36k stars 467 forks source link

Site with no CORS errors in Chrome has CORS errors in CEF #3405

Closed magreenblatt closed 2 years ago

magreenblatt commented 2 years ago

Original report by Stephen Soper (Bitbucket: Stephen Soper).

I came across this CORS issue in CefSharp.Winforms. I don't get the CORS errors in full blown Chrome.

I first posted this issue in the CefSharp GitHub issue tracker and the maintainer redirected me here.

To reproduce, navigate to https://scoopfit.com and select a product to order, and go through the checkout process up until the payment method options. Select Afterpay and click pay now (don't worry, we're not actually ordering).

Once that page loads, open developer tools and go to the console tab.

If the above was done in Chrome, there will be no CORS errors although there are some other errors regarding inline scripts and resource load errors (but that's just Shopify - I expect to see that).

If the above was loaded in CEF, there are a number of CORS errors.

I'm using the latest version of CefSharp.WinForms (v105); and also had the same issue on v99. I updated to v105 from v99 to see if it would correct the issue, but it did not.

I have also attempted using the AddCrossOriginWhitelistEntry() method still to no avail (although I expected that not to work as I have seen that this method needs to be corrected in another reported issue).

I have attempted to initialize chromium with the disable-web-security command line option, but that does not disable CORS. I have also attempted other command line args such as:

disable-features=IsolateOrigins
disable-site-isolation-trials
disable-request-handling-for-testing

These were suggested by the maintainer of CefSharp on GitHub

This one has me totally stumped just for the fact that I'm not making any requests other than just loading the site as in a full Chrome browser and not getting the same result. With those CORS errors, even if you populate the phone number or email address, the submit button will not work.

magreenblatt commented 2 years ago

Please test using the CEF Sample Application.

  1. Does running with the --disable-request-handling-for-testing command-line flag fix the issue?
  2. Use chrome://net-export/ to record the network requests. How do they differ between CEF and Chrome?

magreenblatt commented 2 years ago

Original comment by Stephen Soper (Bitbucket: Stephen Soper).

Ok, so I’m not getting the CORS errors in the sample application, so I’m taking this back to the CefSharp issue tracker. Thanks fo your time.

magreenblatt commented 2 years ago