Feature Request - Add ability to limit access to JavaScript Bound objects to specific origins #5001
Comments
This should be relatively trivial to add additional information to the
This one would be significantly more work and probably end up being a breaking change. Is there a particular use case where you'd want to block specific methods for specific origins?
Are you planning on submitting a |
|
@amaitland Unfortunately, I am not experienced enough with the CefSharp codebase to submit a PR at this time. However, I would be happy to provide additional details or feedback to assist in defining the scope of the proposed changes. Regarding the particular use case: we want to restrict access to our JavaScript methods registered through the JavaScriptObjectRepository to specific allowed domains. These methods provide critical functionality, such as access to the serial port, local storage, and other sensitive resources. It is essential for us to ensure that unauthorized domains cannot exploit these methods, as that would pose a significant security risk. The ability to restrict access based on the caller's origin—whether through ResolveObject, BindingOptions, or any other mechanism—would be an invaluable feature to secure any implementation. |
amaitland
changed the title
|
Currently you can disable the binding API on a per You can filter network requests to ensure only allowed domains are loaded. |
|
#5021 adds the url to the Likely another event needs to be added |
Problem
In the current implementation of JavaScriptObjectRepository in CefSharp, there is no built-in mechanism to restrict access to registered C# objects based on the domain or URL of the calling JavaScript. This creates a security concern, as any domain loaded in the browser can potentially access these objects and invoke methods, regardless of their origin.
Goal
Our primary goal is to restrict access to registered objects and their methods, ensuring that only specific allowed domains or URLs can interact with them. This is critical for maintaining the security of applications relying on CefSharp for embedding web content.
We have explored all possible solutions using the existing implementation of
JavaScriptObjectRepositoryand related APIs, but none provide a direct or reliable way to enforce domain-based restrictions.Proposed Solutions
To address this issue, we propose three potential enhancements:
JavaScriptObjectRepository.ResolveObject- Extend the ResolveObject method to include the URL or domain of the JavaScript caller as a parameter. This would allow developers to decide dynamically whether to allow or cancel the registration of objects based on the origin of the request.MethodInterceptor- Alternatively, enhance the MethodInterceptor mechanism to include the URL or domain of the caller in its context. This would enable developers to throw exceptions or deny method execution for unauthorized domains.JavaScriptObjectRepositorySettings - A more sophisticated and developer-friendly approach would be to introduce a Settings property in JavaScriptObjectRepository, where allowed domains can be configured. CefSharp itself would handle the validation, automatically restricting access to registered objects based on the caller's URL or domain.I would be glad if we will discuss any other solutions.
Expected Benefits
The text was updated successfully, but these errors were encountered: