CEF Forum

I have pulled the binaries for Windows (64 bit) and have it running in our app. But, I cannot link with the cef_sandbox.lib file that came with the binaries as it used the /MT and the debug version used /MTd. I have already found the cef_dll_wrapper project and changed the settings to build it with /MD and /MDd. But, where can I found this sandbox project so I can build a Windows version that I can link with?

Here's hoping the answer isn't to pull the entire repository I found that uses "ninja" in order to build a single lib!

Sandbox support (linking cef_sandbox.lib) is only possible when your application is built with the /MT flag.

So sandbox is just not an option and we have to run with a less secure web system. Rats.

No sandbox due to the /MD switch is causing great concern. Can I restrict rights on the subprocess programmatically in the subprocess? What settings does the sandbox code impose on the subprocess?

OR

I can link the subprocess with /MT if that allows me to turn on the sandbox, say via the command line, in the subprocess itself. I see the command line arg passed to the subprocess. That is, link my real app with /MD as I am doing. Keep both a wrapper dll and lib built with /MD and a wrapper dll and lib built with /MT. Then link the subprocess using /MT and then link to the sandbox lib.

I suppose what I am really getting at is this - If I have my own separate subprocess, does the main process even have to link with the sandbox lib in order for the supbrocess to be sandboxed?

See cef_sandbox_win.h documentation.

I took a look at the include file. It's getting worse, not better. It says I have to use the same process, which I thought was not recommended to begin with?

How does one use CEF to host a simple web page in a dialog of an application that is not a browser application itself, and do so in a safe manner? Beginning to look impossible. This restriction means I cannot even find and obtain all the cef source and build all the DLLs with /MD and build the sandbox lib with /MD as there is no way CEF can realistically use my application as the subprocess host.

Unfortunately the sandbox usage limitations are inherent to the implementation in Chromium and not something that can be changed. You might consider hosting the browser dialog in a separate executable launched by and parented to your application.

If you’re planning to load random web content you will also want to regularly update your application to always have the newest and most secure Chromium version. Hosting the browser in a separate executable might also make that process easier.

I hadn't considered that. In this case the dialog isn't a free standing window, though I think I can still make that work if resizing and other actions don't cause issues. The website is specific to our app and both will communicate with each other making it a three way chain of events. I think first I'll see how much I can restrict the rights of the subprocess.

If you control all content that will be loaded in the browser then having sandbox disabled is not necessarily a big security issue.