Please add user-data-dir requirement to disable-web-security description
Reported by
sits...@gmail.com,
May 6 2017
|
||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Steps to reproduce the problem: According to http://stackoverflow.com/a/3177718 in order to use --disable-web-security you must also set --user-data-dir (although perhaps the intent was for it be set to a real value rather than empty) Steps to reproduce: 1. Start Chrome from PowerShell as follows to throw away security so as to get VMware's Client Integration Plugin going with a vCenter: & "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --ignore-certificate-errors https://addressofvcenter/vsphere-client/?csp What is the expected behavior? Plugin to work, "Use Windows session authentication" checkbox to be clickable. What went wrong? Plugin wasn't contactable "Use Windows session authentication" checkbox is unclickable errors appear in the console saying Uncaught DOMException: Failed to execute 'assign' on 'Location': Blocked a frame with origin "https://example.com" from accessing a cross-origin frame. at ApiConnection.__startProtocolServer__ (https://example.com/websso/resources/js/assets/csd_api_connection.js:212:23) at ApiConnection.__callStartProtocolServer__ (https://example.com/websso/resources/js/assets/csd_api_connection.js:194:12) at ApiConnection.__on_lookup_connected__ (https://example.com/websso/resources/js/assets/csd_api_connection.js:180:15) at WebSocket.socket.onopen (https://example.com/websso/resources/js/assets/csd_api_connection.js:124:16) Did this work before? N/A Chrome version: 57.0.2987.133 Channel: n/a OS Version: OS X 10.12.4 Flash Version: Looking at http://stackoverflow.com/a/3177718 says you need to use --user-data-dir (it seems a bit cheesy not to provide a real argument to it though) in order for --disable-web-security to work but this is not documented on http://peter.sh/experiments/chromium-command-line-switches/#disable-web-security (unlike unsafely-treat-insecure-origin-as-secure) which is autogenerated from Chrome's source. Using & "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir=InsecureProfileforVMwarevSphere --disable-web-security --ignore-certificate-errors https://addressofvcenter/vsphere-client/?csp does work.
,
May 17 2017
Peter, this is your page isn't it?
,
May 18 2017
I'd argue this issue should be owned by whoever writes comments for switches - the text seems to come from https://cs.chromium.org/chromium/src/content/public/common/content_switches.cc?q=disable-web-security+package:%5Echromium$&dr=C&l=308 ...
,
May 18 2017
Another link showing the history: https://chromium.googlesource.com/chromium/src/+blame/0a2a69a314c707ddfb83387690242dc86b088eed/content/public/common/content_switches.cc#308 .
,
May 18 2017
My page just scrapes the source code, amending that should update it there. I really don't have the time to write all these descriptions myself :P.
,
Sep 10 2017
peter - any chance you could reassign this to the person who wrote that description?
,
Dec 7 2017
,
Dec 12 2017
It turns out that the user-data-dir is only required in one of four codepaths that check this flag. So we need to fix that too.
,
May 1 2018
|
||||
►
Sign in to add a comment |
||||
Comment 1 by sdy@chromium.org
, May 10 2017Owner: mkwst@chromium.org