Browser View crashes with legacy app

[pdwiki]

Hello,

We have a legacy application running in our organization from Chromium version 32 onwards which runs using the url chrome://taskmanagement/. There were certain reasons why Chromium was modified to setup this url.

When we go to this url it has a login page. Clicking on the login does an AJAX request to verify the credentials and then loads a page from the local server. This worked fine till like 6 months ago when we updated to Chromium 74.x. Whenever someone tries to login the view crashes on the AJAX call and the "oh snap" graphic comes up. We have upgraded to version 77.0.3853.0 and this AJAX crash issue is there. We have tried removing all our code and keeping a simple AJAX call on our application page and that crashes too. We are getting the following error message:

[17228:20592:1103/012629.959:ERROR:bad_message.cc(27)] Terminating renderer for bad IPC message, reason 185
[17228:20592:1103/012632.143:ERROR:activity_tracker.cc(1463)] Recording exit of unknown process #15760

Is this due to the CORS update to the code? If it is then is there somehow we can disable the CORS requirement so we can keep on using our application? 

Thanks in advance.

[Avi Drissman]

Reason 185 is WEBUI_BAD_SCHEME_ACCESS, which was added in https://crrev.com/c/758301 as a security feature. I don't know much about this, though a simple answer seems to be to not put your internal site on a chrome:// page.

+John Abd-El-Malek who might have further comment.

Avi

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/9eaa4415-d33a-4e13-99a7-35cd9ddaa378%40chromium.org.

[pdwiki]

Thank you for your reply. I do see that this is where the request is failing in the src/content/browser/webui/web_ui_url_loader_factory.cc file where scheme_ is chrome and request.url.scheme() is https.

if (request.url.scheme() != scheme_) {
      DVLOG(1) << "Bad scheme: " << request.url.scheme();
      ReceivedBadMessage(render_frame_host_->GetProcess(),
                         bad_message::WEBUI_BAD_SCHEME_ACCESS);
      client->OnComplete(network::URLLoaderCompletionStatus(net::ERR_FAILED));
      return;
}

This internal page runs in a sidebar at all times using the SingleSplitView. Due to internal reasons, we have to keep it in the sidebar. I am not sure if using OverrideContentSecurityPolicyScriptSrc in our sidebar WebUIDataSource will help. Looking for suggestions as to how to somehow get this to work as revamping our internal site is not an option right now and we don't want to be stuck in an outdated version of Chromium either.

Thanks.

On Sunday, November 3, 2019 at 5:43:50 PM UTC-6, Avi Drissman wrote:

Reason 185 is WEBUI_BAD_SCHEME_ACCESS, which was added in https://crrev.com/c/758301 as a security feature. I don't know much about this, though a simple answer seems to be to not put your internal site on a chrome:// page.

+John Abd-El-Malek who might have further comment.

Avi

On Sun, Nov 3, 2019 at 1:33 AM pdwiki <prab...@gmail.com> wrote:

Hello,

We have a legacy application running in our organization from Chromium version 32 onwards which runs using the url chrome://taskmanagement/. There were certain reasons why Chromium was modified to setup this url.

When we go to this url it has a login page. Clicking on the login does an AJAX request to verify the credentials and then loads a page from the local server. This worked fine till like 6 months ago when we updated to Chromium 74.x. Whenever someone tries to login the view crashes on the AJAX call and the "oh snap" graphic comes up. We have upgraded to version 77.0.3853.0 and this AJAX crash issue is there. We have tried removing all our code and keeping a simple AJAX call on our application page and that crashes too. We are getting the following error message:

[17228:20592:1103/012629.959:ERROR:bad_message.cc(27)] Terminating renderer for bad IPC message, reason 185
[17228:20592:1103/012632.143:ERROR:activity_tracker.cc(1463)] Recording exit of unknown process #15760

Is this due to the CORS update to the code? If it is then is there somehow we can disable the CORS requirement so we can keep on using our application? 

Thanks in advance.

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromi...@chromium.org.

[pdwiki]

If someone could give me a pointer as to how to proceed here it will be very much appreciated. Thanks in advance.

[Yuta Kitamura]

chrome:// URLs are treated very specially, and it's generally a very bad idea to host arbitrary contents (which is unknown to the browser beforehand) in it -- the pages may have access to various privileged APIs. Since it's a security measure, you shouldn't work around the error, and should fix your design instead.

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/066923ec-b739-4a54-bc3f-4496ed345091%40chromium.org.

[Prabal]

I understand what you mean but here is the use-case. We have split the browser view into a left pane and a right pane. When our organization employees login, our legacy office app is loaded into the right pane. This is for viewing various data from within our network which is important to us. We don't have the liberty to dump the legacy app since it would be very costly to redevelop it all over again and our organization cannot afford it. This right panel is where we are having problems. It is crashing at a AJAX call over the network since the originating url is a chrome:// url but the target url for the AJAX call is a LAN IP.

[PhistucK]

Why do you need chrome:// URLs at all?

Maybe an extension with a <webview> (I think extensions support this one) could solve your problem better?

☆PhistucK

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CANgM4xNxPO70Udrd84z%2BK3u2TbtHLVHhqXhdsyrtHRQgZA1Jag%40mail.gmail.com.

[Prabal]

The legacy app we have keeps track of certain links the employees visit. Some data elements are passed to it from the omnibox too. That is why it is built as a chrome:// URL. Maybe it can be rebuilt as an extension but our organization does not have the funds for that yet. Since we only run the build of Chromium on our organization computers, it would be a more cost-effective solution if we could figure out how to do a AJAX call from our view to our LAN IP. I am sure if the AJAX call works and it catches the returned data without the view crashing, the rest of the legacy app will function properly. Any pointers will be very much appreciated.

Thank you.