cloudflare / cloudflare-docs

Cloudflare’s documentation
https://developers.cloudflare.com
Creative Commons Attribution 4.0 International

Consider WARP enrollment process when using a browser with site whitelisting #16575

Closed jamie-sandbox closed 2 weeks ago

jamie-sandbox commented 2 weeks ago

Existing documentation URL(s)

https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/manual-deployment/

What changes are you suggesting?

It is not possible to enroll in the WARP zero trust client if your web browser uses a local site whitelist, which is common in high-security or locked-down enterprise environments.

Even when whitelisting <your-team-name>.cloudflareaccess.com, the callback to the local WARP client uses the unusual protocol handler com.cloudflare.warp://, which does not seem to be possible to whitelist, despite trying.

In Microsoft Edge and Google Chrome, the policy is configurable via Group Policy or Intune, and is called URLAllowlist.

A partial workaround is to set the UseWebView2 value at HKEY_LOCAL_MACHINE\SOFTWARE\Cloudflare\CloudflareWARP; however, this is not a practical solution as it requires installing WebView2.

Without a better workaround or fix, this completely blocks our progress with WARP.

Additional information

No response
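
Added example, not part of the original issue or of Cloudflare's documentation: a read-only PowerShell check of the settings this report names, showing whether the machine-level URLAllowlist policy for Chrome and Edge lists the team domain and the com.cloudflare.warp scheme, and whether UseWebView2 is set. The Chrome and Edge policy registry paths are the standard machine-policy locations and are an assumption not taken from the issue; the substring match only reports what is configured and does not model how the browser evaluates the entries.

```powershell
# Added example: read-only audit, nothing is written to the registry.
$warpScheme = 'com.cloudflare.warp'      # protocol handler quoted in the issue
$accessHost = 'cloudflareaccess.com'     # suffix of <your-team-name>.cloudflareaccess.com

# Assumption: standard machine-level policy keys (user-level HKCU policy is not checked).
$policyKeys = [ordered]@{
    'Chrome' = 'HKLM:\SOFTWARE\Policies\Google\Chrome\URLAllowlist'
    'Edge'   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\URLAllowlist'
}

function Get-AllowlistEntries {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $key = Get-Item -LiteralPath $Path
    # List policies are stored as numbered string values: 1, 2, 3, ...
    return @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}

$report = foreach ($browser in $policyKeys.Keys) {
    $entries = @(Get-AllowlistEntries -Path $policyKeys[$browser])
    [pscustomobject]@{
        Browser          = $browser
        PolicyConfigured = ($entries.Count -gt 0)
        EntryCount       = $entries.Count
        AccessHostListed = [bool]($entries -like "*$accessHost*")
        WarpSchemeListed = [bool]($entries -like "*$warpScheme*")
    }
}
$report | Format-Table -AutoSize

# Workaround value named in the issue; report it without changing it.
$warpKey     = 'HKLM:\SOFTWARE\Cloudflare\CloudflareWARP'
$useWebView2 = $null
if (Test-Path -LiteralPath $warpKey) {
    $useWebView2 = (Get-Item -LiteralPath $warpKey).GetValue('UseWebView2', $null)
}
if ($null -eq $useWebView2) {
    'UseWebView2: not set'
} else {
    "UseWebView2: $useWebView2"
}
```

A row with PolicyConfigured true and WarpSchemeListed false identifies a machine where the allowlist is enforced but the callback scheme has not been added to it.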

ranbel commented 2 weeks ago

Thanks for the feedback! Unfortunately there is no better workaround at the moment, but I have passed on your feedback to the WARP product managers. If you have a Cloudflare account team, I'd recommend contacting them so that they can raise an official feature request.

kseyoss commented 2 days ago

We have this exact same issue. It has been preventing us from moving ahead with Cloudflare for the past 18 months. We have our environment fully set up and ready to go, but we can't progress because the weird "com.cloudflare.warp://" protocol request can't be passed through Chrome with a whitelist.

Google support have replicated the problem... fwiw, they blame the dots (apparently it makes the browser think it's a domain, even with the trailing slashes - so I'm told). We have various protocol handlers whitelisted, such as chrome://, file://, etc, and those work fine, just the Cloudflare one that doesn't.

This has become such an issue, and has remained this way for such a length of time, that we started trialling alternatives to Cloudflare.

Please also see here: https://issues.chromium.org/issues/335082218

kseyoss commented 2 days ago

Please consider reopening this issue until resolved. Chromium has nearly 80% browser market share. Whilst I appreciate not all will be affected by this, it will be causing issues for many people. I suspect a large number hit this problem and simply move on to one of your competitors.