Chromium Embedded Framework Forum

[digory]

Chrome supports policies such as AuthServerAllowlist, AuthSchemes and many more. According to the old thread https://magpcss.org/ceforum/viewtopic.php?f=6&t=15647, CEF does not support Chrome policies, but there may be command line switches for the same effect. Is there any switch for AuthServerAllowlist and AuthSchemes? Is there any other chance how I could specifiy these policies in CEF?

This even older thread https://www.magpcss.org/ceforum/viewtop ... =6&t=14176 had the same question, but there was no answer.

[amaitland]

I think you mean command line switch (argument) as a compiler switch would be used when building from source.

There are also preferences see viewtopic.php?f=6&t=17450#p45038 for a likely related discussion.

[digory]

Yes, I mean command line switches, sorry. I edited the question.

Thanks for the link, this seems to be the answer at least for AuthServerAllowlist. Maybe AuthSchemes also has an equivalent in the preferences.

[amaitland]

From memory cefclient has a test webpage that gets a List of all preferences at runtime.

[digory]

I misinterpreted the linked forum post. It does not work via preferences, but it should work via command line switch. There is a switch "auth-server-whitelist" that should be the same as the AuthServerAllowlist policy. I found a list of Chromium command line switches (https://peter.sh/experiments/chromium-c ... -switches/) but I can't find any switch for AuthSchemes.

Is there a way to set the AuthSchemes policy?

[amaitland]

That's not how I read it. Did you test? If so what does your code look like?

You might need to search the chromium source to see what AuthSchemes maps to.

[digory]

I didn't try. From the post:

The "auth.server_whitelist" preference should be supported currently if NetworkService is enabled. However, it needs to be set very early during Chromium initialization on the PrefService object returned from BrowserProcess::local_state(). There is no exposed API for that currently.

and later down:

1. You cannot set the "auth.server_whitelist" preference.
2. You should be able to set the "auth-server-whitelist" command-line switch.

I'll have a look at the Chromium source.

[amaitland]

The code was refactored last year when support for the chrome runtime was added. Context initialization changed quite a bit.

Be worth testing if you haven't to see if it works now.

[digory]

It's hard to test it, because I would need to test it in our client's environment. So, I have to find a fix that I'm pretty sure that should work, and send the fixed product to the client to test it.

If I get the browser host's host->GetRequestContext()->GetAllPreferences(true), I should get all the prefs values including those with default values, right? When I recursively iterate over the dictionary, I see a lot of prefs values:

Code: Select all

accessibility
   show_internal_accessibility_tree = false
account_id_migration_state = 0
account_info =
account_tracker_service_last_update = 0
alternate_error_pages
   enabled = true
apps
   fullscreen
      allowed = true
auth
   allow_cross_origin_prompt = false
   ambient_auth_in_private_modes = 0
   globally_scoped_http_auth_cache_enabled = false
autogenerated
   theme
      color = 0
      policy
         color = 0
...and so on...


However, grepping this list for "scheme" yields no result, and, interestingly, grepping for "whitelist" only yields "native_messaging.whitelist" and "safebrowsing.safe_browsing_whitelist_domains". So, either there is no such preference any more, or GetAllPreferences does not return all preferences.

In Chromium source, I found in chrome/browser/policy/configuration_policy_handler_list_factory.cc:

Code: Select all

{ key::kAuthSchemes,
    prefs::kAuthSchemes,
    base::Value::Type::STRING }


In chrome/common/pref_names.cc, prefs::kAuthSchemes is defined as "auth.schemes". So, I'm going to try setting this and "auth.server_whitelist" even though both don't appear in GetAllPreferences...

[amaitland]

Make sure to set the preferences in OnContextInitialized