--
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/F74EC822-6026-4A61-83EA-7D758DECAD9F%40gmail.com.
This wasn't a Chrome decision; this is a change from the Google signin team.Let me see if I can hunt down someone who is on that team so that you can have a discussion with them.Avi
On Fri, Apr 19, 2019 at 10:00 AM Marshall Greenblatt <magree...@gmail.com> wrote:
Hi John,--According to [1] Google is planning to block sign-ins from CEF (and presumably Electron) starting in June. This will be a substantial problem for many Chromium embedders who use the project as a “normal” web browser similar to other Chromium-based browsers like Opera and Microsoft. From the announcement it’s unclear how this embedder block can be implemented without also blocking other Chromium-based browsers. Also, presumably, Google will not be blocking sign-in from Mozilla or other “less secure” browsers that are not based on Chromium.Can you provide more details on this restriction and what, specifically, we should expect from the technical implementation?And, finally, I would request that in the future you reach out to the embedder community before making these types of public announcements so that we can fully understand the issue and properly communicate it to our users before they see it as scary news headlines.Thanks,Marshall
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev+unsubscribe@chromium.org.
It would also be great to know how this is detected, and whether there's anything that CEF/Electron could do differently that would make the signin team comfortable with re-enabling it.
Which is to say, please include me in that conversation :)
On Friday, April 19, 2019 at 7:06:42 AM UTC-7, Avi Drissman wrote:
This wasn't a Chrome decision; this is a change from the Google signin team.Let me see if I can hunt down someone who is on that team so that you can have a discussion with them.Avi
On Fri, Apr 19, 2019 at 10:00 AM Marshall Greenblatt <magree...@gmail.com> wrote:
Hi John,--According to [1] Google is planning to block sign-ins from CEF (and presumably Electron) starting in June. This will be a substantial problem for many Chromium embedders who use the project as a “normal” web browser similar to other Chromium-based browsers like Opera and Microsoft. From the announcement it’s unclear how this embedder block can be implemented without also blocking other Chromium-based browsers. Also, presumably, Google will not be blocking sign-in from Mozilla or other “less secure” browsers that are not based on Chromium.Can you provide more details on this restriction and what, specifically, we should expect from the technical implementation?And, finally, I would request that in the future you reach out to the embedder community before making these types of public announcements so that we can fully understand the issue and properly communicate it to our users before they see it as scary news headlines.Thanks,Marshall
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/F74EC822-6026-4A61-83EA-7D758DECAD9F%40gmail.com.
--
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/0d27c900-a949-455e-8f7e-d097a708b7be%40chromium.org.
Thank you for your feedback and concerns. I'm in touch internally with the team who made this announcement and hope to be able to have something to say soon.Avi
--
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/975ff1b2-157a-453a-84c2-0f1dfcf39974%40chromium.org.
--
We would love to get more information on how this is going to be implemented.
Within the SketchUp 3D modeler, we depend on CEF, and around half of our millions of users use Google sign-in when logging into our desktop clients.
We're worried that kicking our users into the system browser to complete login will be disruptive and alarming. We're also worried about hosting a web server on each user's machine to complete login. We imagine hitting firewall issues, and lots of other problems on corporate networks. We'd love to know if there's any way we can get an exception to this policy.
Thanks for any information.
On Tuesday, April 23, 2019 at 7:54:47 AM UTC-6, Daniel Bratell wrote:
While CEF was specifically named in the blog post, I also don't know how it is different from any other Chromium based product (like Opera). Is this going to be controlled by the API key or similar?/DanielOn Fri, 19 Apr 2019 18:07:44 +0200, <jer...@chromium.org> wrote:
It would also be great to know how this is detected, and whether there's anything that CEF/Electron could do differently that would make the signin team comfortable with re-enabling it.
Which is to say, please include me in that conversation :)
On Friday, April 19, 2019 at 7:06:42 AM UTC-7, Avi Drissman wrote:
This wasn't a Chrome decision; this is a change from the Google signin team.Let me see if I can hunt down someone who is on that team so that you can have a discussion with them.Avi
On Fri, Apr 19, 2019 at 10:00 AM Marshall Greenblatt <magree...@gmail.com> wrote:
Hi John,--According to [1] Google is planning to block sign-ins from CEF (and presumably Electron) starting in June. This will be a substantial problem for many Chromium embedders who use the project as a “normal” web browser similar to other Chromium-based browsers like Opera and Microsoft. From the announcement it’s unclear how this embedder block can be implemented without also blocking other Chromium-based browsers. Also, presumably, Google will not be blocking sign-in from Mozilla or other “less secure” browsers that are not based on Chromium.Can you provide more details on this restriction and what, specifically, we should expect from the technical implementation?And, finally, I would request that in the future you reach out to the embedder community before making these types of public announcements so that we can fully understand the issue and properly communicate it to our users before they see it as scary news headlines.Thanks,Marshall
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedd...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/F74EC822-6026-4A61-83EA-7D758DECAD9F%40gmail.com.
--
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedd...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/0d27c900-a949-455e-8f7e-d097a708b7be%40chromium.org.
--/* Opera Software, Linköping, Sweden: CET (UTC+1) */
--
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev...@chromium.org.
To post to this group, send email to embedd...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/d2b01405-11db-401a-88ad-ca20be60e28d%40chromium.org.
Firstly apologies for any anxiety or confusion caused by my blog post last month. To clarify, as of June we will start blocking sign-ins that are obviously automated; existing apps will not be affected. In hindsight the blog post is definitely unclear as to the scope of the June launch, and it would have been better to reach out to this group in advance.
The signals we use to detect automation are sensitive, so unfortunately we can’t share the raw data, but they have shown us clearly that a significant amount of malicious automation comes from CEF and other embedded frameworks. Over time this means that we can’t guarantee we won’t block a legitimate app from signing in if it implements sign-in using the same tools as a malicious app. Regardless as to whether an app appears suspicious or not, as part of efforts to make the web a safer place and better educate users, we want to eventually stop supporting any sign-in to Google from an environment that hides the URL.
Applications that require a Google sign-in should authenticate using OAuth via the system browser, even if they are embedding a browser engine, or consider migrating to Progressive Web Apps. We will be publishing more guidance and a timeline for migrating existing applications later this month. Meanwhile please reach out to me if you have questions or concerns about changes you need to make or the timeframe you’ll be able to make them in.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/d2b01405-11db-401a-88ad-ca20be60e28d%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "Chromium Embedders" group.
To unsubscribe from this group and stop receiving emails from it, send an email to embedder-dev...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/0245715e-38f2-4c96-a313-48a7682ebf41%40chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/CABc02_JSNhN-pwudDEd53gTS-CK%2BcvEfxvw6GuZ2oxcesLCB2w%40mail.gmail.com.
I can say that I contacted them in Sept and while initially it seemed positive with them connecting us to another team it became quite the slow role before both stopped responding completely for months. The "additional guidance" never appeared.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/CALn233pjoXphMH2FBz%3DVS4pag%3D7mDbnRF%3DdjKWwFa1XJqx0Jzw%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/embedder-dev/DDBF6A7A-CF16-41C2-AD55-EB2CC9D5D7CF%40vewd.com.