Commit Graph

57 Commits

Author SHA1 Message Date
Marshall Greenblatt 0580f93839 Fix credentials mode for fetch request redirect (fixes #3675)
Also verified that https://browseraudit.com/ gives the same results
both with and without `--disable-request-handling-for-testing`.
2024-05-06 15:17:22 -04:00
Marshall Greenblatt 52dac91167 Update to Chromium version 124.0.6367.0 (#1274542) 2024-03-22 13:46:28 -04:00
Marshall Greenblatt d4cf19db29 Update to Chromium version 123.0.6312.0 (#1262506)
- MacOS ARM64 Official builds are currently failing due to
  https://issues.chromium.org/issues/326898585
2024-02-26 12:08:55 -05:00
Marshall Greenblatt a0446a3c8a Fix clang-tidy warnings (see #3632) 2024-01-21 14:18:09 -05:00
Marshall Greenblatt a02d2ab3e6 libcef: Format with clang-tidy (see #3632) 2024-01-20 19:33:17 -05:00
Marshall Greenblatt cf934a20a7 Fix cookie exclusion for fetch CORS pre-flight requests (fixes #3596)
Cookies (and other credentials) will be excluded when appropriate by
downgrading |credentials_mode| from kSameOrigin to kOmit.

Improve logic for Origin header inclusion, including a fix for
Referrer/Origin calculation in URLRequestJob::ComputeReferrerForPolicy
when used with custom standard schemes.

Specify correct CookiePartitionKeyCollection when loading cookies.

To test:
- Run tests from https://browseraudit.com/ with and without
  `--disable-request-handling-for-testing`. Results are the same.
- Run `ceftests --gtest_filter=CorsTest.*`.
2023-11-20 14:44:43 -05:00
Marshall Greenblatt de4f9e8908 tests: Change HTTP test URLs to HTTPS
This avoids unexpected HTTP to HTTPS redirects which cause test failures with
the Chrome runtime.
2023-05-05 22:53:16 +03:00
Marshall Greenblatt dc2231cdfb Update to Chromium version 111.0.5563.0 (#1097615) 2023-02-03 13:00:26 -05:00
Marshall Greenblatt 3af3eab3e4 Update source files for bracket style 2023-01-04 17:47:17 -05:00
Marshall Greenblatt 4d1fd05740 Update to Chromium version 107.0.5304.0 (#1047731) 2022-09-29 13:09:35 -04:00
Marshall Greenblatt f8d90a8972 Fix OnReceiveResponse expectations (fixes issue #3380)
OnHeadersReceived may not have been called for cached responses.
2022-08-30 14:20:19 -04:00
Marshall Greenblatt 7659dd60ba Update to Chromium version 106.0.5249.0 (#1036826) 2022-08-25 14:09:20 -04:00
Marshall Greenblatt c7ea0c5958 Update to Chromium version 104.0.5112.0 (#1012729)
- Mac: 10.13 is now the minimum required macOS version
2022-06-22 10:56:35 +03:00
Marshall Greenblatt 464efb1162 Call OnResourceRedirect for internal network service redirects (fixes issue #3336) 2022-05-25 16:43:30 +03:00
Marshall Greenblatt b524edc209 Update to Chromium version 101.0.4951.0 (#982481)
Known issues:
- chrome: Some ceftests are failing due to bfcache same-site enabled by default
  (see issue #3301)
2022-03-30 19:54:09 -04:00
Marshall Greenblatt f97f0bbda6 Update to Chromium version 100.0.4896.0 (#972766) 2022-02-22 19:22:39 -05:00
Marshall Greenblatt c32f366dfa Migrate ignore_result to std::ignore (see issue #3234)
See https://crbug.com/1285085 for background.
2022-01-25 14:40:53 -05:00
Marshall Greenblatt dfc0131516 Update to Chromium version 98.0.4758.0 (#950365) 2021-12-18 15:57:34 -05:00
Marshall Greenblatt 9484d6528c Remove DISALLOW_ macro from libcef/ (see issue #3234)
Also perform related C++ cleanup:
- Use =default instead of {} for default implementations of
  constructors/destructors.
- Replace typedef with using.
2021-12-07 15:02:28 -05:00
Marshall Greenblatt e83d8d6a13 Trial fix for CORS pre-flight requests missing headers (see issue #3110, see issue #3200) 2021-11-09 14:21:58 -05:00
Marshall Greenblatt f3ed6619da Only disable request handling for HTTP/S schemes (see issue #3110)
The `--disable-request-handling-for-testing` command-line flag would previously
disable handling of all schemes, including custom schemes and internal schemes
such as devtools.
2021-10-05 11:03:28 +03:00
Marshall Greenblatt b4ea0496e7 Update to Chromium version 93.0.4577.0 (#902210) 2021-07-27 19:03:09 -04:00
Marshall Greenblatt 430895168d Add --disable-request-handling-for-testing option
Add a command-line option to bypass request handling in CEF to faciliate
debugging of network-related issues.
2021-06-11 12:09:18 -04:00
Marshall Greenblatt 00dca9601e Update to Chromium version 92.0.4515.0 (#885287) 2021-06-10 16:42:44 -04:00
Marshall Greenblatt ae4f68f695 Update to Chromium version 91.0.4472.0 (#870763) 2021-04-23 11:38:51 -04:00
Marshall Greenblatt fc7f9ff505 Fix crash when navigating to an unregistered scheme (fixes issue #3105)
The policy->CanAccessDataForOrigin CHECK in NavigationRequest::
GetOriginForURLLoaderFactory was failing because unregistered schemes
(which are already considered non-standard schemes) didn't trigger the
registered non-standard scheme allowance that we previously added in
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin. This change
modifies GetOriginForURLLoaderFactory to always return an opaque/unique
origin for non-standard schemes resulting in unregistered and non-standard
schemes receiving the same treatment.

New test coverage has been added for this condition, and can be run with:
ceftests --gtest_filter=CorsTest.*CustomUnregistered*
2021-04-12 16:18:37 -04:00
Marshall Greenblatt 74db00fc89 Update to Chromium version 90.0.4430.0 (#857950)
- Linux ARM builds require use_vaapi=false (see https://crbug.com/1185348)
- Windows official builds require use_thin_lto=false (see https://crbug.com/1177001)
2021-03-18 11:23:00 -04:00
Marshall Greenblatt 015e3621a3 Update to Chromium version 87.0.4280.0 (#812852)
- Windows: VS2015 Update 2 is now the minimum version requirement for linking
  cef_sandbox from official build binary distributions.
2020-10-15 14:21:06 -04:00
Marshall Greenblatt 4fbd247231 Add chrome runtime support for more callbacks and ceftests (see issue #2969)
This change adds support for:
- Protocol and request handling.
- Loading and navigation events.
- Display and focus events.
- Mouse/keyboard events.
- Popup browsers.
- Callbacks in the renderer process.
- Misc. functionality required for ceftests.

This change also adds a new CefBrowserProcessHandler::GetCookieableSchemes
callback for configuring global state that will be applied to all
CefCookieManagers by default. This global callback is currently required by the
chrome runtime because the primary ProfileImpl is created via
ChromeBrowserMainParts::PreMainMessageLoopRun (CreatePrimaryProfile) before
OnContextCreated can be called.

ProfileImpl will use the "C:\Users\[user]\AppData\Local\CEF\User Data\Default"
directory by default (on Windows). Cookies may persist in this directory when
running ceftests and may need to be manually deleted if those tests fail.

Remaining work includes:
- Support for client-created request contexts.
- Embedding the browser in a Views hierarchy (cefclient support).
- TryCloseBrowser and DoClose support.
- Most of the CefSettings configuration.
- DevTools protocol and window control (ShowDevTools, ExecuteDevToolsMethod).
- CEF-specific WebUI pages (about, license, webui-hosts).
- Context menu customization (CefContextMenuHandler).
- Auto resize (SetAutoResizeEnabled).
- Zoom settings (SetZoomLevel).
- File dialog runner (RunFileDialog).
- File and JS dialog handlers (CefDialogHandler, CefJSDialogHandler).
- Extension loading (LoadExtension, etc).
- Plugin loading (OnBeforePluginLoad).
- Widevine loading (CefRegisterWidevineCdm).
- PDF and print preview does not display.
- Crash reporting is untested.
- Mac: Web content loads but does not display.

The following ceftests are now passing when run with the
"--enable-chrome-runtime" command-line flag:

CorsTest.*
DisplayTest.*:-DisplayTest.AutoResize
DOMTest.*
DraggableRegionsTest.*
ImageTest.*
MessageRouterTest.*
NavigationTest.*
ParserTest.*
RequestContextTest.*Global*
RequestTest.*
ResourceManagerTest.*
ResourceRequestHandlerTest.*
ResponseTest.*
SchemeHandlerTest.*
ServerTest.*
StreamResourceHandlerTest.*
StreamTest.*
StringTest.*
TaskTest.*
TestServerTest.*
ThreadTest.*
URLRequestTest.*Global*
V8Test.*:-V8Test.OnUncaughtExceptionDevTools
ValuesTest.*
WaitableEventTest.*
XmlReaderTest.*
ZipReaderTest.*
2020-09-29 18:31:43 -04:00
Marshall Greenblatt cc56720bd2 Support CORS preflight requests with OutOfBlinkCors (fixes issue #3006)
A CORS preflight request is an "OPTIONS" request sent to a server prior to a
cross-origin XMLHttpRequest or Fetch request. The server's response determines
which HTTP request methods are allowed and supported, and whether credentials
such as Cookies and HTTP Authentication should be sent with requests.

A CORS preflight request will only be sent if certain conditions are met. For
example, it will be sent for requests that have potentially unsafe HTTP
methods [1] or request headers [2]. See the NeedsPreflight function in
services/network/cors/cors_url_loader.cc for full details.

CORS preflight functionality is implemented in the network service and will not
be triggered if the client handles the request instead of allowing it to proceed
over the network. Since the preflight request itself also runs in the network
service it cannot be intercepted by the client.

[1] https://fetch.spec.whatwg.org/#cors-safelisted-method
[2] https://fetch.spec.whatwg.org/#cors-safelisted-request-header
2020-09-11 19:21:53 -04:00
Marshall Greenblatt 88faf1023a Fix incorrect Origin and Cookie headers for POST redirects (fixes issue #2806)
This change also adds unit test coverage for cross-origin POST redirects.
2020-09-09 18:30:12 -04:00
Marshall Greenblatt 42f517ec69 Fix DCHECK failure in the URLLoader constructor.
The request.trusted_params.isolation_info.site_for_cookies value must
match request.site_for_cookies.

This change also adds unit test coverage for cross-origin GET redirects.
2020-09-09 18:29:21 -04:00
Marshall Greenblatt 24c2f2fa38 Update to Chromium version 86.0.4240.0 (#800218)
- CefURLRequest::Create is no longer supported in the renderer process
  (see https://crbug.com/891872). Use CefFrame::CreateURLRequest instead.
- Mac platform definitions have been changed from `MACOSX` to `MAC`
  (see https://crbug.com/1105907) and related CMake macro names have
  been updated. The old `OS_MACOSX` define is still set in code and CMake
  for backwards compatibility.
- Linux ARM build is currently broken (see https://crbug.com/1123214).
2020-09-03 17:44:25 -04:00
Marshall Greenblatt 6b1e5335bc Add support and enable out-of-Blink CORS (fixes issue #2716)
It can still be disabled for a short time by passing
`--disable-features=OutOfBlinkCors` on the command-line.
2020-08-26 16:25:25 -04:00
Cristian Amarie 11f37bc6eb Add limit on request redirects (fixes issue #3001) 2020-08-13 18:45:26 +00:00
Alexander Guettler 790d248111 Update to Chromium version 84.0.4147.0 (#768962) 2020-06-10 15:26:29 -04:00
Marshall Greenblatt 27257d0288 Remove DCHECK in InterceptedRequest::OnReceiveRedirect (fixes issue #2917) 2020-04-20 12:38:31 -04:00
Cristian Amarie 1c14900093 Remove unexpected content headers when converting from POST to GET request on 302 redirect response (fixes issue #2883) 2020-04-02 21:05:07 +00:00
Marshall Greenblatt 9d9ee8b45f Update to Chromium version 81.0.4044.0 (#737173) 2020-03-04 19:31:54 -05:00
Alexander Guettler 71768ea6c3 Update to Chromium version 80.0.3987.0 (#722274) 2020-02-17 13:19:09 -05:00
Yong Li 8d0ae1f894 Remove possibly incorrect CHECK in ProxyURLLoaderFactory::MaybeDestroySelf()
See also commit #81064faa.
2020-01-08 15:09:57 +00:00
Daniel Nitsche 115f760821 Update to Chromium version 79.0.3945.1 (#706915) 2019-11-19 13:22:13 -05:00
Marshall Greenblatt f8e0797773 Update to Chromium version 78.0.3904.0 (#693954) 2019-10-01 13:55:16 +00:00
Alexander Guettler 46d3a81ba0 Update to Chromium version 77.0.3865.0 (#681094)
- Windows: SDK version 10.0.18362.0 is now required.
2019-09-04 15:13:32 +00:00
Masako Toda 99c27f57b1 Fix redirect of requests with credentials mode 'include' (fixes issue #2699, see issue #2622).
Modifying the URL in OnBeforeResourceLoad causes an internal redirect response.
In cases where the request is cross-origin and credentials mode is 'include'
the redirect response must include the "Access-Control-Allow-Credentials"
header, otherwise the request will be blocked.
2019-07-16 17:43:44 -04:00
Petra Öhlin cc0db5f166 Update to Chromium version 76.0.3809.0 (#665002)
OSR tests will be fixed by a follow-up merge of Viz support (see issue #2575).
2019-07-16 15:34:16 -04:00
Marshall Greenblatt 5892ffc382 Remove POST data after redirect to GET (see issue #2707, see issue #2622).
For 303 redirects all request methods except HEAD are converted to GET as per
the latest http draft. For historical reasons the draft also allows POST
requests to be converted to GETs when following 301/302 redirects. Most major
browsers do this and so shall we. When a request is converted to GET any POST
data should also be removed.

Use 307 redirects instead if you want the request to be repeated using the same
method and POST data.
2019-07-11 16:56:51 -04:00
Marshall Greenblatt 45329d05a5 Fix cross-origin redirect from OnBeforeResourceLoad (fixes issue #2695, see issue #2622).
Modifying the URL in OnBeforeResourceLoad causes an internal redirect response.
In cases where the request is cross-origin (containing a non-null "Origin"
header) the redirect response must include the "Access-Control-Allow-Origin"
header, otherwise the request will be blocked.

This change also fixes a problem where existing request headers would be
discarded if the request was modified in OnBeforeResourceLoad.
2019-06-25 16:54:42 -04:00
Marshall Greenblatt b03a419c6b Fix crash if a pending request is continued after deletion (see issue #2622).
This is a speculative fix for a crash where the pending ResourceRequest appears
to be invalid after the request is continued from SetInitialized.
2019-06-19 15:49:08 +02:00
Marshall Greenblatt ba08c21517 Fix crashes when a request is aborted during initialization (see issue #2622).
Initialization of request objects requires asynchronous hops between the UI and
IO threads. In some cases the browser may be destroyed, the mojo connection may
be aborted, or the ProxyURLLoaderFactory object may be deleted while
initialization is still in progress. This change fixes crashes and adds unit
tests that try to reproduce these conditions.

To test: Run `ceftests --gtest_repeat=50
              --gtest_filter=ResourceRequestHandlerTest.Basic*Abort*`
2019-06-18 16:21:04 +02:00