search

chromiumembedded / cef

Chromium Embedded Framework (CEF). A simple framework for embedding Chromium-based browsers in other applications.
https://bitbucket.org/chromiumembedded/cef/
Other
3.38k stars 467 forks source link

chrome:// and chrome-untrusted:// urls can be intercepted #3799

Closed jaragunde closed 1 month ago

jaragunde commented 1 month ago

Describe the bug In CEF 126, we noticed that URLs using the chrome:// and chrome-untrusted:// schema started showing up in ResourceRequestHandler callbacks, and similarly in CefResourceManager::Provider callbacks. The previous version we had used, CEF 123, didn't have this behavior. We are unsure when this started happening in 124-126 range.

To Reproduce I've written a small reproducer with cefsimple, I added a ResourceRequestHandler to cefsimple which prints the request URL in the OnBeforeResourceLoad method: https://bitbucket.org/jaragunde/cef/commits/389b539959ae6568402857faed4e8391f3b4e074

Steps to reproduce the behavior:

  1. Run the patched cefsimple
  2. Press ctrl+P to open the print dialog
  3. Check standard output to see a number of chrome:// and chrome-untrusted:// URLs printed

Expected behavior The following URLs, which correspond to internal resources for the print dialog, weren't printed in older versions (tested CEF 123).

[56239:56252:1010/114948.875216:ERROR:simple_handler.cc(186)] chrome://resources/css/text_defaults_md.css
[56239:56252:1010/114948.876346:ERROR:simple_handler.cc(186)] chrome://resources/css/md_colors.css
[56239:56252:1010/114948.878205:ERROR:simple_handler.cc(186)] chrome://print/print_preview.js
[56239:56252:1010/114948.918541:ERROR:simple_handler.cc(186)] chrome://resources/css/roboto.css
[56239:56252:1010/114948.961016:ERROR:simple_handler.cc(186)] chrome://resources/roboto/roboto-regular.woff2
[56239:56252:1010/114949.019224:ERROR:simple_handler.cc(186)] chrome://resources/lit/v3_0/lit.rollup.js
[56239:56252:1010/114949.020713:ERROR:simple_handler.cc(186)] chrome://resources/js/cr.js
[56239:56252:1010/114949.022230:ERROR:simple_handler.cc(186)] chrome://resources/polymer/v3_0/polymer/polymer_bundled.min.js
[56239:56252:1010/114949.023846:ERROR:simple_handler.cc(186)] chrome://print/strings.m.js
[56239:56252:1010/114949.025251:ERROR:simple_handler.cc(186)] chrome://resources/js/load_time_data.js
[56239:56252:1010/114949.026828:ERROR:simple_handler.cc(186)] chrome://print/pdf/pdf_scripting_api.js
[56239:56252:1010/114949.052120:ERROR:simple_handler.cc(186)] chrome://resources/js/assert.js
[56239:56252:1010/114949.053652:ERROR:simple_handler.cc(186)] chrome://resources/js/promise_resolver.js
[56239:56252:1010/114949.328194:ERROR:simple_handler.cc(186)] chrome://resources/images/throbber_small.svg
[56239:56252:1010/114949.331320:ERROR:simple_handler.cc(186)] chrome://resources/images/arrow_down.svg
[56239:56252:1010/114949.480317:ERROR:simple_handler.cc(186)] chrome://resources/roboto/roboto-medium.woff2
[56239:56252:1010/114950.833148:ERROR:simple_handler.cc(186)] chrome://print/pdf/index_print.html?chrome-untrusted://print/1/0/print.pdf
[56239:56252:1010/114950.884859:ERROR:simple_handler.cc(186)] chrome://resources/css/text_defaults_md.css
[56239:56252:1010/114950.885792:ERROR:simple_handler.cc(186)] chrome://print/pdf/index.css
[56239:56252:1010/114950.888730:ERROR:simple_handler.cc(186)] chrome://print/pdf/main_print.js
[56239:56252:1010/114950.889967:ERROR:simple_handler.cc(186)] chrome://print/pdf/pdf_print_wrapper.js
[56239:56252:1010/114950.917950:ERROR:simple_handler.cc(186)] chrome://resources/css/roboto.css
[56239:56252:1010/114950.938646:ERROR:simple_handler.cc(186)] chrome://resources/roboto/roboto-regular.woff2
[56239:56252:1010/114950.964434:ERROR:simple_handler.cc(186)] chrome://print/pdf/browser_api.js
[56239:56252:1010/114950.990580:ERROR:simple_handler.cc(186)] chrome://print/pdf/shared.rollup.js
[56239:56252:1010/114950.992124:ERROR:simple_handler.cc(186)] chrome://resources/polymer/v3_0/polymer/polymer_bundled.min.js
[56239:56252:1010/114950.993745:ERROR:simple_handler.cc(186)] chrome://print/pdf/pdf_scripting_api.js
[56239:56252:1010/114950.995504:ERROR:simple_handler.cc(186)] chrome://resources/lit/v3_0/lit.rollup.js
[56239:56252:1010/114950.996669:ERROR:simple_handler.cc(186)] chrome://resources/js/load_time_data.js
[56239:56252:1010/114951.019126:ERROR:simple_handler.cc(186)] chrome://resources/js/assert.js
[56239:56252:1010/114951.554343:ERROR:simple_handler.cc(186)] chrome-untrusted://print/1/0/print.pdf

Screenshots If applicable, add screenshots to help explain your problem.

Versions (please complete the following information):

Additional context In our particular use, we intercept PDF requests to manage them in a different way. The print preview dialog generates the preview in PDF format in the url chrome-untrusted://print/1/0/print.pdf, which we started intercepting by mistake.

The workaround is simple, we can check the URL and allow this particular one to continue, but I wonder if this change was intentional or a side effect. Besides, it would be good to document this behavior. This ticket could let folks know about the change :slightly_smiling_face:

magreenblatt commented 1 month ago

Thanks for the note. We want to support interception of all URLs (where possible), including internal URLs. I don't think there's anything we need to change here.

jaragunde commented 1 month ago

Thanks for answering, good to know this is expected behavior.

DanielKlenda-tech commented 1 month ago

This is how you treat me on the web!

DanielKlenda-tech commented 1 month ago

I have seen people get killed for much less.

DanielKlenda-tech commented 1 month ago

Daniel Patrick Klenda is here!