Chrome OS apps, asm/wasm.js and PNaCl

319 views
Skip to first unread message

Stefano S.

unread,
Mar 5, 2019, 1:16:11 PM3/5/19
to Chromium OS Development
PNaCl is going to be deprecated soon, and it's supposed to be replaced by wasm,js, even though is going to be supported on Chrome OS apps and extensions for some time.

asm.js/wasm.js is supported on Google extensions, but it's not apparently going to work with Chrome apps, since they have a more restrictive Content-Security-Policy (which you can't edit in the manifest as it can be done with extensions).

On the other hand, Chrome apps are also deprecated (on Chrome/Chromium) and will continue to work only on Chrome OS.

My question: what's one supposed to use for developing a Chrome OS app?

Is wasm/asm.js a valid option (or will it be)? From what I tried I was not able to make the asm.js part of a ported web application work as a Chrome app because of the CSP issue.

As an alternative to wasm/ams.js I see I could use PNaCl, but since it is deprecated for Chrome I wonder how much time it will be supported on Chrome Apps.


TIA, best regards.

Mike Frysinger

unread,
Mar 5, 2019, 2:41:52 PM3/5/19
to Stefano S., Chromium OS Development
let's ignore asm.js as that has no special meaning in Chrome.  it's simply another JavaScript file.  which means it works exactly the same everywhere, and should work perfectly fine in Chrome Apps.

i assume by "wasm.js" you mean "WebAssembly" as "wasm.js" isn't a term i've seen used anywhere.  usually if people want to talk about WebAssembly, they just say "wasm".

i don't understand what you mean about CSP being a problem.  if the JS/wasm modules are bundled in your app, CSP shouldn't block them.  you can load them like any other bundled script.  you're not trying to load files from external websites right ?  if you're trying to inline any calls in html pages, those obviously won't work, but that's not Chrome Apps specific.

what is it about Chrome Apps specifically you want ?  some of the Chrome Apps-specific APIs (like sockets or hardware access) ?  if you don't need those APIs, then there should be no need for Chrome Apps, you can just write an extension like normal.

it'd help if you could post example files/errors that you're seeing.
-mike

--
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-dev

Reilly Grant

unread,
Mar 5, 2019, 4:44:57 PM3/5/19
to Mike Frysinger, Stefano S., Chromium OS Development
I specifically recall reviewing some patches to update the CSP for Chrome Apps to allow WebAssembly modules so if it isn't working then it is either user error or a bug. Please post the errors you have encountered and links to example code.
Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome

Stefano S

unread,
Mar 6, 2019, 3:36:32 AM3/6/19
to Chromium OS Development, stefano....@nice-software.com
On Tuesday, March 5, 2019 at 8:41:52 PM UTC+1, Mike Frysinger wrote:
let's ignore asm.js as that has no special meaning in Chrome.  it's simply another JavaScript file.  which means it works exactly the same everywhere, and should work perfectly fine in Chrome Apps.

i assume by "wasm.js" you mean "WebAssembly" as "wasm.js" isn't a term i've seen used anywhere.  usually if people want to talk about WebAssembly, they just say "wasm".

Sure, I was mixing WASM and asm.js.

 
i don't understand what you mean about CSP being a problem.  if the JS/wasm modules are bundled in your app, CSP shouldn't block them.  you can load them like any other bundled script.  you're not trying to load files from external websites right ?  if you're trying to inline any calls in html pages, those obviously won't work, but that's not Chrome Apps specific.


I got these errors:

The source list for Content Security Policy directive 'script-src' contains an invalid source: ''wasm-eval''. It will be ignored.
index.html:1 The source list for Content Security Policy directive 'script-src' contains an invalid source: ''wasm-eval''. It will be ignored.
The source list for Content Security Policy directive 'script-src' contains an invalid source: ''wasm-eval''. It will be ignored.
index.html:1 The source list for Content Security Policy directive 'script-src' contains an invalid source: ''wasm-eval''. It will be ignored.
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource: 'wasm-eval'".

This happens when loading an asm.js module. I can create a small self-contained sample if it helps.

When I searched on Google I found this possibly related issue: 

To me this looks like at the moment the CSP is preventing to load the asm.js script (note that I'm using asm.js but that's no blocker, I could switch to WASM if necessary).
 
 
what is it about Chrome Apps specifically you want ?  some of the Chrome Apps-specific APIs (like sockets or hardware access) ?  if you don't need those APIs, then there should be no need for Chrome Apps, you can just write an extension like normal.

I'm especially interested in multi-monitor support, which does not seem to be quite supported with plain web (I'm using the chrome system-display and windows API for that), from what I found I conclude that there is no "native web" solution for that. 

 
it'd help if you could post example files/errors that you're seeing.
-mike

See above, but again, I'm happy to provide a standalone sample if that's useful.

Thank you.

Mike Frysinger

unread,
Mar 6, 2019, 3:46:14 AM3/6/19
to Chromium OS Development
please just attach the example index.html that you're testing with so we don't have to try and guess
-mike

--

Stefano S

unread,
Mar 11, 2019, 12:44:35 PM3/11/19
to Chromium OS Development
On Wednesday, March 6, 2019 at 9:46:14 AM UTC+1, Mike Frysinger wrote:
please just attach the example index.html that you're testing with so we don't have to try and guess

So, at the end asm.js support was not an issue. I'm posting my findings for the archive.

With the current version of chrome I was testing (72.0), the following warning is given when loading asm.js code:
index.html:1 The source list for Content Security Policy directive 'script-src' contains an invalid source: ''wasm-eval''. It will be ignored.

This is reported as an *error* but it's apparently harmless.

The following error was blocking in case I was using a Chrome App (but not a web application):
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem: chrome-extension-resource: 'wasm-eval'".

This was happening because the asm.js code I was using was including "eval".

Latest versions of emscripten are not generating eval aready, also at some point it introduced the option
NO_DYNAMIC_EXECUTION (which is now not needed).

Unfortunately the code I'm using is not working with the code generated by the newest version of emscripten, but that's a completely unrelated issue.

Summarizing, if you're using asm.js with a Chrome app, keep in mind that the generated code should not contain eval, or it will be blocked by the hardcoded CSP.
If you're generating the asm.js code with a recent enough version of emscripten, then there is no issue, otherwise you have to specify the NO_DYNAMIC_EXECUTION flag (or update emscripten).

Thanks, bye.

Mike Frysinger

unread,
Mar 11, 2019, 2:45:20 PM3/11/19
to Stefano S, Chromium OS Development
thanks for the detailed summary!
-mike
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages