Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v2, windows] Handle webview2 process crashes and add DisableWebViewRendererCodeIntegrity flag #2627

Merged
merged 2 commits into from
Apr 27, 2023
Merged

[v2, windows] Handle webview2 process crashes and add DisableWebViewRendererCodeIntegrity flag #2627

merged 2 commits into from
Apr 27, 2023

Conversation

stffabi
Copy link
Collaborator

@stffabi stffabi commented Apr 27, 2023

This was referenced Apr 27, 2023
Closed
Closed
Closed
@stffabi stffabi force-pushed the feature/webview2-process-crashes-and-flag branch from 0ef44af to 80d64fa Compare April 27, 2023 15:30
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Apr 27, 2023
edited
Loading

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: 80d64fa
Status: ✅  Deploy successful!
Preview URL: https://54ac394d.wails.pages.dev
Branch Preview URL: https://feature-webview2-process-cra.wails.pages.dev

View logs

@AlbinoDrought
Copy link
Contributor

I can confirm this works for me, thanks! 👍

Dialog when webview crashes:

image

--disable-features contains RendererCodeIntegrity when Windows.WebviewDisableRendererCodeIntegrity=true:

image

@stffabi
Copy link
Collaborator Author

stffabi commented Apr 27, 2023

Awesome, thanks for testing 🙏

@stffabi stffabi marked this pull request as ready for review April 27, 2023 19:19
@stffabi stffabi requested a review from leaanthony April 27, 2023 19:19
leaanthony
leaanthony approved these changes Apr 27, 2023
View reviewed changes
Copy link
Member

@leaanthony leaanthony left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome job! Thank you 🙏

...nternal/frontend/desktop/windows/go-webview2/pkg/edge/ICoreWebView2ProcessFailedEventArgs.go
}

func (i *ICoreWebView2ProcessFailedEventArgs) GetProcessFailedKind() (COREWEBVIEW2_PROCESS_FAILED_KIND, error) {
kind := COREWEBVIEW2_PROCESS_FAILED_KIND(0xffffffff)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering if this would fail on 32bit (not that we support it! 😅)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just tried it, works fine 😄

@stffabi stffabi merged commit 3853d2d into master Apr 27, 2023
@stffabi stffabi deleted the feature/webview2-process-crashes-and-flag branch April 27, 2023 21:03
@stffabi
Copy link
Collaborator Author

stffabi commented Apr 27, 2023

Thanks for approving 🙏

@ziveni
Copy link

ziveni commented May 14, 2023

I can confirm this works for me, thanks! 👍

Dialog when webview crashes:

image

--disable-features contains RendererCodeIntegrity when Windows.WebviewDisableRendererCodeIntegrity=true:

image

I don't understand how you tested it successfully

@lilili87222
Copy link

github.com/wailsapp/wails/v2 v2.5.0

start fail with following errors and blank window on some computer
Err | WebVie2wProcess failed with kind 1
Err | WebVie2wProcess failed with kind 1

@stffabi
Copy link
Collaborator Author

stffabi commented May 15, 2023

github.com/wailsapp/wails/v2 v2.5.0

start fail with following errors and blank window on some computer

Err | WebVie2wProcess failed with kind 1

Err | WebVie2wProcess failed with kind 1

There's not really much we can do here against these crashes. The best we can do is to make sure the underlying webview error page is shown, which we tried to achieve with this PR. If that chromium error is not shown this either means the webview is still hidden or the webview itself does not show one.
Because none of us was able to reproduce this, we can only add some handling and wait until we get a feedback from those affected from this.
You might try to change the code where the error is handled and tries to make sure the webview and window is getting unhidden. You could maybe try to first do a chromium.hide() then a chromium.show(). Maybe that helps to bring up the error page. You can also take a look into the windows eventviewer which should show the error that happened.

Almost all those crashes are caused by wrongly signed dlls injected into the webview process, which is getting detected and causes the renderer to stop. This is something done in the webview2 by microsoft and ot by Wails.
If you want you can try to use the new disablerendererintegritycheck flag to disable this, but please be aware of the security implications this has as stated on the comment of the flag.

@ziveni
Copy link

ziveni commented May 15, 2023

github.com/wailsapp/wails/v2 v2.5.0
start fail with following errors and blank window on some computer
Err | WebVie2wProcess failed with kind 1
Err | WebVie2wProcess failed with kind 1

There's not really much we can do here against these crashes. The best we can do is to make sure the underlying webview error page is shown, which we tried to achieve with this PR. If that chromium error is not shown this either means the webview is still hidden or the webview itself does not show one. Because none of us was able to reproduce this, we can only add some handling and wait until we get a feedback from those affected from this. You might try to change the code where the error is handled and tries to make sure the webview and window is getting unhidden. You could maybe try to first do a chromium.hide() then a chromium.show(). Maybe that helps to bring up the error page. You can also take a look into the windows eventviewer which should show the error that happened.

Almost all those crashes are caused by wrongly signed dlls injected into the webview process, which is getting detected and causes the renderer to stop. This is something done in the webview2 by microsoft and ot by Wails. If you want you can try to use the new disablerendererintegritycheck flag to disable this, but please be aware of the security implications this has as stated on the comment of the flag.

I have disabled this feature as prompted, and now it works fine

@ziveni
Copy link

ziveni commented May 15, 2023

I resolved this issue by configuring this environment variable to disable integrity checking. Please note that renderer code integrity checking is a security mechanism that ensures the loaded renderer code has not been tampered with or damaged. Disabling this feature allows bypassing the renderer code integrity check but reduces security.

image

@stffabi
Copy link
Collaborator Author

stffabi commented May 15, 2023

Please use the appropriate provided flag for this:

wails/v2/pkg/options/windows/windows.go

Lines 107 to 115 in c1a0e13

// WebviewDisableRendererCodeIntegrity disables the `RendererCodeIntegrity` of WebView2. Some Security Endpoint
// Protection Software inject themself into the WebView2 with unsigned or wrongly signed dlls, which is not allowed
// and will stop the WebView2 processes. Those security software need an update to fix this issue or one can disable
// the integrity check with this flag.
//
// The event viewer log contains `Code Integrity Errors` like mentioned here: https://github.com/MicrosoftEdge/WebView2Feedback/issues/2051
//
// !! Please keep in mind when disabling this feature, this also allows malicious software to inject into the WebView2 !!
WebviewDisableRendererCodeIntegrity bool

Env variables should not work because we didn't support that for the native webview2loader and this seems to be a bug in the new webview2loader. So this is going to be fixed pretty soon.

misitebao pushed a commit that referenced this pull request May 27, 2023
@stffabi @misitebao
[v2, windows] Handle webview2 process crashes and add DisableWebViewR…
c8ce0ee 
…endererCodeIntegrity flag (#2627)

* Add flag to disable webview RendererCodeIntegrity checks
* Handle webview2 process crashes
@AlbinoDrought
Copy link
Contributor

WebviewDisableRendererCodeIntegrity may be obsolete on 118+: https://github.com/MicrosoftEdge/WebView2Feedback/pull/4134/files

josStorer referenced this pull request in josStorer/RWKV-Runner Mar 31, 2024
@josStorer
update manifest.json
f6614ff
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leaanthony leaanthony leaanthony approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@stffabi @AlbinoDrought @ziveni @lilili87222 @leaanthony