Chromium Embedded Framework Forum

by **rado** » Sat Apr 15, 2017 6:36 am

It seems in CEF navigating to HTTP page which meets this requirements:
https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn

does not work, it just loads nothing, not even some warning. Is there some switch or something I can do to ignore password forms on HTTP and make it working without any action from user required?
Thank you.

by **rado** » Sat Apr 15, 2017 6:59 am

I've found somebody is using this parameter, but it does not help: --mark-non-secure-as=neutral
I'm afraid the "neutral" is not valid value.

by **Czarek** » Sat Apr 15, 2017 7:09 am

The only valid value seems to be "non-secure". Ref: https://cs.chromium.org/chromium/src/co ... pe=cs&l=12

by **rado** » Sat Apr 15, 2017 7:17 am

Czarek wrote:The only valid value seems to be "non-secure". Ref: https://cs.chromium.org/chromium/src/co ... pe=cs&l=12

I was afraid of that, but I was not sure, I'm not familiar with chromium sources. But it is possible to set it to "Always mark HTTP as neutral" in Chrome using "chrome://flags/#mark-non-secure-as" so it is supported in the chromium core somehow. We need to support it in CEF

Some callback or option if there is not some already, but I cannot find it.

by **magreenblatt** » Sat Apr 15, 2017 9:34 am

Are you actually sending CC/password info over the network with HTTP, or are you intercepting the requests in your application?

by **rado** » Sat Apr 15, 2017 1:00 pm

magreenblatt wrote:Are you actually sending CC/password info over the network with HTTP, or are you intercepting the requests in your application?

My application is sending password using HTTP to 3rd party site which does not provide HTTPS.

by **rado** » Sun Apr 30, 2017 3:25 pm

Is there chance we could have solved this in CEF?
Things are going to be even worse, making CEF/chromium unusable for me

https://blog.chromium.org/2017/04/next-steps-toward-more-connection.html

by **Czarek** » Sun Apr 30, 2017 11:05 pm

Can you provide example to reproduce?

by **rado** » Mon May 01, 2017 3:39 am

Oh I apologize, it was my stupid mistake

I haven't noticed the site redirected HTTP to HTTPS with invalid certificate so it failed for different reason, not because of password form on HTTP. The request and redirect is not even visible in developer console in chrome, I had to check it in IE developer console.

by **Czarek** » Mon May 01, 2017 5:27 am

Everyone makes mistakes.

Chromium Embedded Framework Forum

CC/password forms on non secure pages (HTTP)

CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Re: CC/password forms on non secure pages (HTTP)

Who is online