My team has embedded CEF3 (ver.66) and circumvented the sandbox warning dialog.
We still require the browser to "Ask" for the user to allow "Unsandboxed plugin access", or to "Allow" by default, instead if "Blocking", which is what it currently does.
Usually, such a setting is accessed via the site's settings page in browsers like Google Chrome:
However, we cannot facilitate this in our framework and would instead need to set this flag on launch or programmatically.
Note, we have previously integrated various CEF versions (CEF1 v27 -> CEF3 v39, v45, etc) without encountering this issue.
It seems that the setting to allow unsandboxed plugins is off by default, despite disabling general sandboxing for the browser instance via various flags and settings in code.
Any suggestions on which flag(s) to use on launch or how to programmatically achieve this would be greatly appreciated.
-AL.
UPDATE 1
I have written a Chrome extension that is able to set the permission via a background js script :
- Code: Select all
chrome.contentSettings.unsandboxedPlugins.set({
'primaryPattern': "<all_urls>",
'setting': "allow"
});
However, I am not sure what underlying calls in CEF this resolves to, or I'd make the call directly in our own codebase.
I understand that Chrome extensions can not currently be integrated with CEF.
I had hoped that creating the extension would reveal something about the underlying CEF code.
Alas...
I have looked through _cef_browser_settings_t and apart from the plugins setting (which either enables or disables all plugins),
I do not see anything relevant to allowing unsandboxed plugins.
UPDATE 2
After trawling through the CEF source, I noticed this in our own branch, in content_settings.json :
- Code: Select all
"unsandboxedPlugins": {
"$ref": "ContentSetting",
"description": "Whether to allow sites to run plugins unsandboxed.
One of <br><var>allow</var>: Allow sites to run plugins unsandboxed,
<br><var>block</var>: Don't allow sites to run plugins unsandboxed,
<br><var>ask</var>: Ask when a site wants to run a plugin unsandboxed.
<br>Default is <var>ask</var>.
<br>The primary URL is the URL of the top-level frame. The secondary URL is not used.",
"value": [
"ppapi-broker",
{"$ref":"PpapiBrokerContentSetting"}
]
},
where PpapiBrokerContentSetting is defined as:
- Code: Select all
{
"id": "PpapiBrokerContentSetting",
"type": "string",
"enum": ["allow", "block", "ask"]
},
I would love to make changes to this and rebuild CEF, but rebuilding is an extremely arduous process that can take many days.
If anybody could advise on how to modify this so as to force "Allow" by default, it may be worth a rebuild.
My gut feeling is that removing "block" and "ask" from the PpapiBrokerContentSetting definition may achieve this,
but I definitely need confirmation from anybody with some know-how before going down that path.
Originally asked here : https://stackoverflow.com/questions/53101235/launching-cef3-with-unsandboxed-plugin-access-allowed