CEF3: CefAddCrossOriginWhitelistEntry problem

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

CEF3: CefAddCrossOriginWhitelistEntry problem

Postby MartinM » Tue Apr 01, 2014 5:31 am

Hello,

I registered my own protocol handler and try to whitelist it for XMLHttpRequests, but it doesn't work as expected.

Registering the protocol handler is essentially equivalent to the scheme_test of the cefclient example. Here are the relevant bits:
Code: Select all
void RegisterCustomSchemes(CefRefPtr<CefSchemeRegistrar> registrar, std::vector<CefString>& cookieable_schemes)
{
   registrar->AddCustomScheme("arb", true, false, false);
}

void InitSchemes()
{
   CefRegisterSchemeHandlerFactory("arb", "database", new ClientSchemeHandlerFactory());
}

My protocol is called arb and the domain name is database, as you can see.

Now registering a whitelist entry I'm trying this:
Code: Select all
CefAddCrossOriginWhitelistEntry("http://localhost:8000", "arb", "database", false);


But the following AJAX call fails: "arb://database/people.html" with the message:
Code: Select all
[0401/103050:INFO:CONSOLE(0)] "XMLHttpRequest cannot load arb://database/people.html?term=bla. Cross origin requests are only supported for HTTP.", source: http://localhost:8000/index.html#/radiograph/new (0)


However, if i omit the target_domain parameter like this, it works:
Code: Select all
CefAddCrossOriginWhitelistEntry("http://localhost:8000", "arb", "", true);


Did I miss something?

Thanks in advance :)
MartinM
Techie
 
Posts: 25
Joined: Wed Nov 07, 2012 5:21 am

Re: CEF3: CefAddCrossOriginWhitelistEntry problem

Postby magreenblatt » Tue Apr 01, 2014 10:03 pm

Some of the code in Blink related to cross-site scripting expects a top-level domain. You might try database.com (or similar) for potentially better results.

Are you using synchronous XHR? If so, blink hard-codes the http requirement. See http://code.google.com/p/chromiumembedd ... ail?id=950.
magreenblatt
Site Admin
 
Posts: 12384
Joined: Fri May 29, 2009 6:57 pm

Re: CEF3: CefAddCrossOriginWhitelistEntry problem

Postby MartinM » Wed Apr 02, 2014 5:09 am

Hi, thanks for your answer. It is an asynchronous XHR request. I am utilizing the AngularJS $http service.

Unfortunately database.com didn't work either :(

I changed the following lines of code:
Code: Select all
CefRegisterSchemeHandlerFactory("arb", "database.com", new ClientSchemeHandlerFactory());

Code: Select all
CefAddCrossOriginWhitelistEntry("http://localhost:8000", "arb", "database.com", false);


But the result is the same:
Code: Select all
"XMLHttpRequest cannot load arb://database.com/people.html?term=bla. Cross origin requests are only supported for HTTP.", source: http://localhost:8000/index.html#/radiograph/new (0)


I am running the latest build of branch 1750 using VS 2012. Windows 32bit, 2014-03-13, CEF 3.1750.1638 (cefsimple).

Should I add a bug report? I can live with the workaround mentioned in the first post (empty domain name for whitelist entry).
But I'd like to help. Am I able to debug the libcef code by adding the symbol file to my project? (Never tried that before)
MartinM
Techie
 
Posts: 25
Joined: Wed Nov 07, 2012 5:21 am

Re: CEF3: CefAddCrossOriginWhitelistEntry problem

Postby magreenblatt » Wed Apr 02, 2014 1:27 pm

Are you implementing CefApp::OnRegisterCustomSchemes in both the browser and renderer processes?

If you're interested in debugging the problem you'll likely need to build CEF/Chromium from source code. The error that you're seeing is generated in DocumentThreadableLoader::makeCrossOriginAccessRequest which calls SchemeRegistry::shouldTreatURLSchemeAsCORSEnabled. This value is set by CEF's call to WebSecurityPolicy::registerURLSchemeAsCORSEnabled in CefContentRendererClient::WebKitInitialized.
magreenblatt
Site Admin
 
Posts: 12384
Joined: Fri May 29, 2009 6:57 pm

Re: CEF3: CefAddCrossOriginWhitelistEntry problem

Postby MartinM » Thu Apr 10, 2014 3:09 am

magreenblatt wrote:Are you implementing CefApp::OnRegisterCustomSchemes in both the browser and renderer processes?

Oopsie. It wasn't implemented at all. I forgot the delegate. :oops:

First of all, I got it all working now, but I had to change a few things. More on that later.

As far as I can see OnRegisterCustomSchemes() is only implemented in the browser process. Correct me if I'm wrong. I added the following delegate in simple_app_delegates.cpp
Code: Select all
void SimpleApp::RegisterCustomSchemes(
    CefRefPtr<CefSchemeRegistrar> registrar,
    std::vector<CefString>& cookiable_schemes) {
  scheme_arb::RegisterCustomSchemes(registrar, cookiable_schemes);
}

whereas SimpleApp only implements CefApp and CefBrowserProcessHandler. The CefApp method OnRegisterCustomSchemes() calls RegisterCustomSchemes(), which is implemented by the delegate, which then calls the function scheme_arb::RegisterCustomSchemes(). When I set a breakpoint it only gets called once. In the browser process I suppose?

My "workaround" with the empty target_domain attribute in CefAddCrossOriginWhitelistEntry() doesn't work anymore. I now get another error message:
Code: Select all
"XMLHttpRequest cannot load arb://database/people.html?term=bla. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8000' is therefore not allowed access.", source: http://localhost:8000/index.html#/radiograph/new (0)


But with a non empty target_domain attribute like "database" in my case, everything works fine:
Code: Select all
CefAddCrossOriginWhitelistEntry("http://localhost:8000", "arb", "database", false);


Well, everything except POST requests. GetPostData() always returns NULL. Deep magic ;)
I found the corresponding Issue #404 is a WontFix. So I switched from arb back to the http scheme for the custom handler and now it all seems to work. :)

Thanks again for your help!
MartinM
Techie
 
Posts: 25
Joined: Wed Nov 07, 2012 5:21 am

Re: CEF3: CefAddCrossOriginWhitelistEntry problem

Postby magreenblatt » Thu Apr 10, 2014 10:26 am

OnRegisterCustomSchemes will be called in most/all processes as documented in cef_app.h. If you don't implement it then you'll get errors like the POST problem that you mention because your custom scheme is not properly registered in that process.

Using the http scheme is recommended as it satisfies the places in Blink that still hard-code http.
magreenblatt
Site Admin
 
Posts: 12384
Joined: Fri May 29, 2009 6:57 pm


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot], ndesktop and 55 guests