1. 技术文章
  2. How to restrict CefSharp Browser to given domain

How to restrict CefSharp Browser to given domain

房东的猫 提交于 2019-12-09 13:40:00

问题


I would like to prevent my application to display web pages other than from a certain domain (i.e. example.com).

My initial idea was to check the request URL in the OnBeforeBrowse event handler.

public bool OnBeforeBrowse(IWebBrowser browser, IRequest request, bool isRedirect)
{
  return !IsPageAllowed(request.Url);
}

This looks doable, except for the fact that all embedded resources on a allowed page are also triggering this event.
For example, i have a YouTube video embedded on my page there are two additional requests triggered by the video element. If i cancel those requests, video is not rendered at all.
Here is a simple log output from my request:

15:09:22.5809442 - OnBeforeBrowse: http://example.com/, TransitionType=LinkClicked, isRedirect=False
15:09:22.6705460 - OnBeforeBrowse: http://www.youtube.com/embed/XYZ, TransitionType=LinkClicked, isRedirect=False
15:09:22.7715542 - OnBeforeBrowse: http://www.youtube.com/embed/XYZ, TransitionType=LinkClicked, isRedirect=True
15:09:25.1232542 - OnBeforeBrowse: http://not-allowed-domain.com TransitionType=LinkClicked, isRedirect=False

Further more, if i try to navigate away from the allowed page by clicking on a external link (with disabled restriction check), i get new event and isRedirect flag is set to False, which is quite confusing.

Thanks


回答1:


In my project I've implemented the following solution:

  1. There is necessity of the prepared list of trusted URLs or/and domains:
    2. 
    HashSet whiteList = new HashSet() {
        "http://example.com/",
        "http://www.youtube.com/embed/",
        ...
    }
  2. Filtering and blocking - in CefRenderProcessHandler.OnBeforeNavigation()



回答2:


In CEF use CefRequest.GetTransitionType():

  ///
  // Get the transition type for this request. Only available in the browser
  // process and only applies to requests that represent a main frame or
  // sub-frame navigation.
  ///
  /*--cef(default_retval=TT_EXPLICIT)--*/
  virtual TransitionType GetTransitionType() =0;

Check this value against bit flags that can tell you if this is a main frame or a subframe:

///
// Transition type for a request. Made up of one source value and 0 or more
// qualifiers.
///
typedef enum {
  ///
  // Source is a link click or the JavaScript window.open function. This is
  // also the default value for requests like sub-resource loads that are not
  // navigations.
  ///
  TT_LINK = 0,

  ///
  // Source is some other "explicit" navigation action such as creating a new
  // browser or using the LoadURL function. This is also the default value
  // for navigations where the actual type is unknown.
  ///
  TT_EXPLICIT = 1,

  ///
  // Source is a subframe navigation. This is any content that is automatically
  // loaded in a non-toplevel frame. For example, if a page consists of several
  // frames containing ads, those ad URLs will have this transition type.
  // The user may not even realize the content in these pages is a separate
  // frame, so may not care about the URL.
  ///
  TT_AUTO_SUBFRAME = 3,

  ///
  // Source is a subframe navigation explicitly requested by the user that will
  // generate new navigation entries in the back/forward list. These are
  // probably more important than frames that were automatically loaded in
  // the background because the user probably cares about the fact that this
  // link was loaded.
  ///
  TT_MANUAL_SUBFRAME = 4,

  ///
  // Source is a form submission by the user. NOTE: In some situations
  // submitting a form does not result in this transition type. This can happen
  // if the form uses a script to submit the contents.
  ///
  TT_FORM_SUBMIT = 7,

  ///
  // Source is a "reload" of the page via the Reload function or by re-visiting
  // the same URL. NOTE: This is distinct from the concept of whether a
  // particular load uses "reload semantics" (i.e. bypasses cached data).
  ///
  TT_RELOAD = 8,

  ///
  // General mask defining the bits used for the source values.
  ///
  TT_SOURCE_MASK = 0xFF,

  // Qualifiers.
  // Any of the core values above can be augmented by one or more qualifiers.
  // These qualifiers further define the transition.

  ///
  // Attempted to visit a URL but was blocked.
  ///
  TT_BLOCKED_FLAG = 0x00800000,

  ///
  // Used the Forward or Back function to navigate among browsing history.
  ///
  TT_FORWARD_BACK_FLAG = 0x01000000,

  ///
  // The beginning of a navigation chain.
  ///
  TT_CHAIN_START_FLAG = 0x10000000,

  ///
  // The last transition in a redirect chain.
  ///
  TT_CHAIN_END_FLAG = 0x20000000,

  ///
  // Redirects caused by JavaScript or a meta refresh tag on the page.
  ///
  TT_CLIENT_REDIRECT_FLAG = 0x40000000,

  ///
  // Redirects sent from the server by HTTP headers.
  ///
  TT_SERVER_REDIRECT_FLAG = 0x80000000,

  ///
  // Used to test whether a transition involves a redirect.
  ///
  TT_IS_REDIRECT_MASK = 0xC0000000,

  ///
  // General mask defining the bits used for the qualifiers.
  ///
  TT_QUALIFIER_MASK = 0xFFFFFF00,
} cef_transition_type_t;


来源:https://stackoverflow.com/questions/28346572/how-to-restrict-cefsharp-browser-to-given-domain

标签
wpf
chromium-embedded
cefsharp
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!