Strict Chromium version checking is necessary because both sandbox
info and chrome_elf introduce Chromium version dependencies, and we
don't know which non-matching versions are compatible.
This adds a runtime dependency on chrome_elf.dll and makes all
runtime errors LOG(FATAL) to generate a crash report. Don't wait
for libcef to load before running as the crashpad-handler process.
Move code signing verification code to libcef_dll_wrapper
and add example checks in cefclient.
Load libcef.dll with code signing checks.
Add a CefScopedLibraryLoader variant for Windows.
If either the bootstrap executable or the client dll is code signed
then both must be valid (all signatures) and signed with the same
primary certificate. This is a protection against mixing binaries
with different trust levels.
- Repurpose USE_SANDBOX config to enable the bootstrap.
- Build appname.dll instead of appname.exe.
- Copy bootstrap[c].exe to appname.exe as a post-build step.
Fixes the following error:
fail: attribute includes: './' resolves to the workspace root,
which would allow this rule and all of its transitive dependents
to include any file in your workspace. Please include only what
you need.
Bazel's recommendation [1] is to use double quotes instead of
angle brackets.
[1] https://bazel.build/docs/bazel-and-cpp#include-paths
Adds new CefDisplayHandler::OnContentsBoundsChange and
CefDisplayHandler::GetRootWindowScreenRect callbacks.
cefclient: Implement the above callbacks and call
CefBrowserHost::NotifyScreenInfoChanged when the root window
bounds change.
cefclient: osr: Use real screen bounds by default. Pass
`--fake-screen-bounds` for the old default behavior.
Load https://tests/window in cefclient for additional
implementation details and usage examples.
Allow Document picture-in-picture moveTo/By() and resizeTo/By()
(without user gesture) if the new
CefBrowserViewDelegate::AllowMoveForPictureInPicture callback
returns true.
When setting allow_os_execution=true in OnProtocolExecution the
confirmation dialog should display consistently, the load should
be canceled with ERR_ABORTED, and no interstitial error page
should be displayed.
On Linux systems the stack frame reference canary will be purposely
changed when forking sub-processes (see https://crbug.com/40181003).
To avoid sub-process shutdown crashes the NO_STACK_PROTECTOR
annotation must be added to all functions in the call stack leading to
CefExecuteProcess(). Applications that cannot add this annotation must
instead pass the `--change-stack-guard-on-fork=disable` command-line
flag.
