Html-widget cefrender

Author: roger.wallin@abilita.fi (rogerw)

Hi, From Uniface library 9.7.04 "The HTML widget does not perform security checks, so it can open an HTTPS URL without performing any SSL certificate checks. Important: When using the HTML widget to display external web sites or web pages, you are responsible for ensuring the security of the application. For more information, see Web Security Guidelines."  Isn't the above true anymore?  If not true, the following question: Using the html widget, Uniface starts "cefrender.exe". Is it possible to add the parameter

--ignore-certificate-errors

as cefrender.exe is started? Regards RogerW

2 Comments

  1. Hi RogerW, The described behavior was only applicable for Uniface < 9.7.02. With version 9.7.02 the version of CEF was upgraded from CEF1 to CEF3 and now the certificates of a requested web site are checked. The documentation was updated with the patch G413 to reflect this change in behavior (see restrictions for HTML Widget):

    "The HTML widget performs SSL certificate checks, and will not display a requested URL if the common name of the certificate does not match the server name. You must ensure that valid certificates are available on the local machine, either in the browser or as Trusted Root Certification Authority on Windows." And at this moment it's not possible to override this behavior. Sorry. Using a certificate as described above will resolve the problem. I hope this helps. Regards, Daniel Iseli Uniface Support


    Author: diseli (daniel.iseli@uniface.com)
  2. Thanks Daniel, we can probably make a quick workaround by using the UHTTP and then the html-widget. Regards RogerW.


    Author: rogerw (roger.wallin@abilita.fi)