Chromium Embedded Framework Forum

[Czarek]

Hi Marshall,

I would like to cache static resources (js/css files) between different browser instances. Let's say I load page in Tab 1, it loads some js/css files. Then I load the same page in Tab 2 and the resources load once again, they are not cached. In Chrome in Tab 2 static resources return http status code 304 Not Modified (cache). In CEF in Tab 2 status code returned is 200 OK. I've tried setting CefSettings.cache_path, but it didn't make any difference. I don't see no other options in CefSettings/CefBrowserSettings.

Tested on Linux. CEF 3 branch 1547 rev. 1491. Chrome 29.0.1547.80.

Best regards,
Czarek

[magreenblatt]

Are you serving the content from the same origin for all tabs via a web server? How are you checking the status code?

[Czarek]

It was a problem reported by some other developer. I have just tested caching behavior by myself using Mongoose webserver with php script and two static resources, on Windows. And everything seems to be working fine. The only difference is that I don't see no 304 requests made to the web server. When I open developer tools, in the column where status code should appear I see "from cache" text. Looks like in my case Chrome/CEF do not perform any redundant requests and use the cache immediately. I need to investigate further the use case by the developer that reported it and will report back here when I know more details.

[Czarek]

It turns out the problem occurs when using HTTPS connections. It is also reproducible in Chrome, so it's most probably web server configuration issue.

[Czarek]

Chromium doesn't cache resources when there is a certificate error. We're using self-signed SSL certificates on private networks. This is a private IP infrastructure (192.168.*) so I don't think getting a signed certificate is a viable solution (see comment #14 and comment #5).

Found this issue in Chromium:
https://code.google.com/p/chromium/issu ... ?id=103875

According to comment #5 it worked fine before Chromium 15. Caching with certificate errors works fine with other browsers (IE, Firefox), Chromium seems to be the only exception.

This is quite a big issue for us, if you have some big flash file on a website it gets downloaded every time. It would be enough if we could just allow an in-memory cache for a session.

I understand that for Chromium this security feature might have some sense to protect users. But in case of CEF when it is used in custom applications with internal web servers we should be able to ignore this certificate errors and allow caching. It could be a CefSettings option.

Marshall, do you have any ideas?
Any suggestions on how can I fix it in Chromium/CEF source code, where to look for?
Would you be interested in a patch to add it to CEF?

[magreenblatt]

I don't know what changes are required. If they are minimal and have no other affects I would consider them for inclusion.

[Czarek]

I've digged through Chromium source code and I think I've found it in http_cache_transaction.cc. Looks like it will be only one line of code to add.

https://code.google.com/p/chromium/code ... ROK&l=2280

Code: Select all

  // Do not cache no-store content (unless we are record mode).  Do not cache
  // content with cert errors either.  This is to prevent not reporting net
  // errors when loading a resource from the cache.  When we load a page over
  // HTTPS with a cert error we show an SSL blocking page.  If the user clicks
  // proceed we reload the resource ignoring the errors.  The loaded resource
  // is then cached.  If that resource is subsequently loaded from the cache,
  // no net error is reported (even though the cert status contains the actual
  // errors) and no SSL blocking page is shown.  An alternative would be to
  // reverse-map the cert status to a net error and replay the net error.
  if ((cache_->mode() != RECORD &&
       response_.headers->HasHeaderValue("cache-control", "no-store")) ||
      net::IsCertStatusError(response_.ssl_info.cert_status)) {
    DoneWritingToEntry(false);
    if (net_log_.IsLogging())
      net_log_.EndEvent(NetLog::TYPE_HTTP_CACHE_WRITE_INFO);
    return OK;
  }


I think this will do the job:

Code: Select all

      ..
       response_.headers->HasHeaderValue("cache-control", "no-store")) ||
      (!cache_.get().GetSession().ignore_certificate_errors &&
       net::IsCertStatusError(response_.ssl_info.cert_status))) {
     ..


It still needs to be tested. Will let know the results.

[Czarek]

After minor changes the patch works fine. I've verified and it fixes HTTPS cache issues on sites with SSL certificate errors. Tested with cefclient on Windows (CEF 3 branch 1650 revision 1646) and nginx web server running on Ubuntu.

Code: Select all

File: net/http/http_cache_transaction.cc
Method: HttpCache::Transaction::WriteResponseInfoToEntry
---------------------------------------------------------------
- net::IsCertStatusError(response_.ssl_info.cert_status)) {
+ (!cache_->GetSession()->params().ignore_certificate_errors &&
+ net::IsCertStatusError(response_.ssl_info.cert_status))) {

Should I create an issue in the tracker? I don't have patch for the trunk, only for branch 1650. I've checked Chromium trunk and the code still looks the same.

[magreenblatt]

Given the security-sensitive nature of this change and the comments in the Chromium issue I don't think we should include this change in CEF at this time.

[Czarek]

Okay.
Just to clarify, this patch changes the caching behavior only when "ignore_certificate_errors" is set to true.