This restores the default site isolation mode for Chromium on desktop
platforms. Unit tests have been updated to reflect the new behavior
expectations.
Known behavior changes in CEF are as follows:
- A spare renderer process may be created on initial browser creation or cross-
origin navigation. This spare process may be used with a future cross-origin
navigation or discarded on application shutdown. As a result
CefRenderProcessHandler::OnRenderThreadCreated, which is called shortly after
renderer process creation, can no longer be used to reliably transfer state
for the currently in-progress navigation. Unit tests have been updated to use
the CreateBrowser/OnBeforePopup |extra_info| value for transferring test state
to CefRenderProcessHandler::OnBrowserCreated which will be called in the
correct/expected renderer process.
- Cross-origin navigations will again receive a new renderer process, as
expected. This behavior had briefly regressed in M78 due to the
ProcessSharingWithDefaultSiteInstances feature becoming enabled by default.
- Cross-origin navigations initiated by calling LoadURL in the renderer process
will now crash that process with "bad IPC message" reason
INVALID_INITIATOR_ORIGIN (213). This is a security feature implemented in
Chromium.
- A DevTools browser created using CefBrowserHost::ShowDevTools will receive
the same CefRenderProcessHandler::OnBrowserCreated |extra_info| value that was
set via CreateBrowser/OnBeforePopup for the parent browser.
This reverts commit 2cf916e6d5.
This change causes linker errors with third-party projects using VS2019 that also link openssl.
cef_sandbox.lib(err.obj) : error LNK2005: _ERR_get_error already defined in websockets.lib(mbedtls-client.obj)
cef_sandbox.lib(err.obj) : error LNK2005: _ERR_error_string already defined in websockets.lib(ssl_lib.obj)
cef_sandbox.lib(err.obj) : error LNK2005: _ERR_error_string_n already defined in websockets.lib(ssl_lib.obj)
cef_sandbox.lib(err.obj) : error LNK2005: _ERR_free_strings already defined in websockets.lib(ssl_lib.obj)
Requests from the PDF viewer are not associated with a CefBrowser. Consequently,
the InterceptedRequestHandler for those requests will register as an observer of
CefContext destruction. When the browser is closed the InterceptedRequestHandler
is destroyed and an async task is posted to remove/delete the observer on the UI
thread. If CefShutdown is then called the task may execute after shutdown has
started, in which case CONTEXT_STATE_VALID() will return false. We still need to
remove the observer in this case to avoid a use-after-free in
FinishShutdownOnUIThread.
Modifying the URL in OnBeforeResourceLoad causes an internal redirect response.
In cases where the request is cross-origin and credentials mode is 'include'
the redirect response must include the "Access-Control-Allow-Credentials"
header, otherwise the request will be blocked.
Remove the local thread object in favor of setting the ui_thread_ field
directly. This avoids the race between ui_thread_.swap(thread) and
CefUIThread::InitializeBrowserRunner.
When NetworkService is enabled requests created using CefFrame::CreateURLRequest
will call CefRequestHandler::GetAuthCredentials for the associated browser after
calling CefURLRequestClient::GetAuthCredentials if that call returns false.
For 303 redirects all request methods except HEAD are converted to GET as per
the latest http draft. For historical reasons the draft also allows POST
requests to be converted to GETs when following 301/302 redirects. Most major
browsers do this and so shall we. When a request is converted to GET any POST
data should also be removed.
Use 307 redirects instead if you want the request to be repeated using the same
method and POST data.
Modifying the URL in OnBeforeResourceLoad causes an internal redirect response.
In cases where the request is cross-origin (containing a non-null "Origin"
header) the redirect response must include the "Access-Control-Allow-Origin"
header, otherwise the request will be blocked.
This change also fixes a problem where existing request headers would be
discarded if the request was modified in OnBeforeResourceLoad.
Initialization of request objects requires asynchronous hops between the UI and
IO threads. In some cases the browser may be destroyed, the mojo connection may
be aborted, or the ProxyURLLoaderFactory object may be deleted while
initialization is still in progress. This change fixes crashes and adds unit
tests that try to reproduce these conditions.
To test: Run `ceftests --gtest_repeat=50
--gtest_filter=ResourceRequestHandlerTest.Basic*Abort*`
Marshall Greenblatt
Iain Apreotesei@Arm
Maksim Sisov
Alexander Guettler
Riku Palomäki
Dmitry Azaraev
Rob Sussman
Ananyo Maiti
Alwin Esch
Masako Toda
Isaac Devine
Petra Öhlin