Feature Request - Add ability to limit access to JavaScript Bound objects to specific origins #5001
Comments
This should be relatively trivial to add additional information to the
This one would be significantly more work and probably end up being a breaking change. Is there a particular use case where you'd want to block specific methods for specific origins?
Are you planning on submitting a
@amaitland Unfortunately, I am not experienced enough with the CefSharp codebase to submit a PR at this time. However, I would be happy to provide additional details or feedback to assist in defining the scope of the proposed changes. Regarding the particular use case: we want to restrict access to our JavaScript methods registered through the JavaScriptObjectRepository to specific allowed domains. These methods provide critical functionality, such as access to the serial port, local storage, and other sensitive resources. It is essential for us to ensure that unauthorized domains cannot exploit these methods, as that would pose a significant security risk. The ability to restrict access based on the caller's origin—whether through ResolveObject, BindingOptions, or any other mechanism—would be an invaluable feature to secure any implementation.
Currently you can disable the binding API on a per You can filter network requests to ensure only allowed domains are loaded.
#5021 adds the url to the Likely another event needs to be added
#4475 would also need to be resurrected as the caching in the render process would be a problem.
Problem
In the current implementation of JavaScriptObjectRepository in CefSharp, there is no built-in mechanism to restrict access to registered C# objects based on the domain or URL of the calling JavaScript. This creates a security concern, as any domain loaded in the browser can potentially access these objects and invoke methods, regardless of their origin.
Goal
Our primary goal is to restrict access to registered objects and their methods, ensuring that only specific allowed domains or URLs can interact with them. This is critical for maintaining the security of applications relying on CefSharp for embedding web content.
We have explored all possible solutions using the existing implementation of JavaScriptObjectRepository and related APIs, but none provide a direct or reliable way to enforce domain-based restrictions.
Proposed Solutions
To address this issue, we propose three potential enhancements:
- JavaScriptObjectRepository.ResolveObject - Extend the ResolveObject method to include the URL or domain of the JavaScript caller as a parameter. This would allow developers to decide dynamically whether to allow or cancel the registration of objects based on the origin of the request.
- MethodInterceptor - Alternatively, enhance the MethodInterceptor mechanism to include the URL or domain of the caller in its context. This would enable developers to throw exceptions or deny method execution for unauthorized domains.
- JavaScriptObjectRepository Settings - A more sophisticated and developer-friendly approach would be to introduce a Settings property in JavaScriptObjectRepository, where allowed domains can be configured. CefSharp itself would handle the validation, automatically restricting access to registered objects based on the caller's URL or domain.
I would be glad if we could discuss any other solutions.
Expected Benefits
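The origin comparison that any of the options discussed in this issue would have to perform, as an added example that is not CefSharp code and not code from this thread: `OriginAllowList` is a hypothetical helper built only on `System.Uri`, and the URLs are constructed samples. It compares scheme, host and port exactly, because prefix or substring matching on the caller URL would accept look-alike hosts.

```csharp
using System;
using System.Collections.Generic;

// Added illustration: OriginAllowList is a hypothetical helper, not a CefSharp type.
public sealed class OriginAllowList
{
    private readonly HashSet<string> _origins = new HashSet<string>(StringComparer.Ordinal);

    public OriginAllowList(IEnumerable<string> allowedOrigins)
    {
        foreach (var origin in allowedOrigins)
        {
            if (!TryNormalize(origin, out var normalized))
                throw new ArgumentException("Not an absolute http(s) origin: " + origin);
            _origins.Add(normalized);
        }
    }

    // True only when scheme, host and port of the caller URL all match an allowed origin.
    public bool IsAllowed(string callerUrl) =>
        TryNormalize(callerUrl, out var origin) && _origins.Contains(origin);

    private static bool TryNormalize(string url, out string origin)
    {
        origin = null;
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return false;
        // about:, data:, file: and custom schemes are never treated as an allowed origin.
        if (uri.Scheme != Uri.UriSchemeHttps && uri.Scheme != Uri.UriSchemeHttp) return false;
        // Uri lower-cases the scheme, IdnHost is the punycode host, Port includes the default.
        origin = uri.Scheme + "://" + uri.IdnHost.ToLowerInvariant() + ":" + uri.Port;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var allow = new OriginAllowList(new[] { "https://app.example.test" });
        string[] constructed =   // constructed sample caller URLs
        {
            "https://app.example.test/page",        // allowed
            "https://app.example.test.evil.test/",  // allowed name used as a host prefix
            "https://app.example.test@evil.test/",  // allowed name in userinfo, host is evil.test
            "http://app.example.test/",             // scheme differs
            "https://app.example.test:8443/",       // port differs
            "about:blank",                          // not an http(s) origin
        };
        foreach (var url in constructed)
            Console.WriteLine($"{allow.IsAllowed(url),-5} {url}");
    }
}
```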