Visual Content fails to load after upgrading from CEF Version 119.4.30 to CEF Version 120.1.80

[Spartan-Hex-Shadow]

Is there an existing issue for this?

• I have searched both open/closed issues, no issue already exists.

CefSharp Version

120.1.80

Operating System

Windows 11

Architecture

x64

.Net Version

.NET 4.8

Implementation

WinForms

Reproduction Steps

Program.cs
[STAThread] public static void Main() { CefSettings settings = new CefSettings(); // settings.CefCommandLineArgs.Add("disable-web-security", "true"); Cef.Initialize(settings, performDependencyCheck: true, browserProcessHandler: null); Console.WriteLine($"Initialized settings: {Cef.IsInitialized}"); Application.EnableVisualStyles(); Application.SetCompatibleTextRenderingDefault(false); Application.Run(new Form1()); }

Form1.Designer.cs
private void InitializeComponent() { this.components = new System.ComponentModel.Container(); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; this.ClientSize = new System.Drawing.Size(1920, 1080); this.Text = "Form1"; try { var browser = new ChromiumWebBrowser("www.google.com"); Controls.Add(browser); browser.LoadUrl("https://bla.blob.com/delivery/?keycode=5XRRXMGY"); } catch (Exception e) { Console.WriteLine(JsonConvert.SerializeObject(e)); } }

Expected behavior

Content loads in the WinForms

Actual behavior

Content fails to load in the Winforms APP and shows this message:
Access to XMLHttpRequest at 'https://bla.ashx') from origin 'https://bla.bla.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.", source: https://bla.blob.com/delivery/?keycode=5XRRXMGY (0)

Regression?

Yes, this works in CEF Version 119.4.30. I am able to make it work in CEF Version 120+ by adding this arg: settings.CefCommandLineArgs.Add("disable-web-security", "true"), but as it is not needed in 119 and only needed in 120 above, i would rather fix the underlying issue causing the error.

Known Workarounds

settings.CefCommandLineArgs.Add("disable-web-security", "true");

Adding this into the CEFSettings lets the content load

Does this problem also occur in the CEF Sample Application

Yes using WPF/OffScreen command line args

Other information

No response

[GeorgeVovos]

This probably isn't a CefSharp issue but a CEF one (I'm not sure though) (Works on Chromium, Chrome or Edge too)
It seems to break on version 6099 but works on 6045.
They differ only by a few commits but there is a CORS related commit in the diff,not sure if it's related though CEF 6045-6099 Comparisson

[amaitland]

Does this problem also occur in the CEF Sample Application
Yes using WPF/OffScreen command line args

In future please make sure you test with the CEF Sample Application (cefclient). It's not clear you've done that.

This probably isn't a CefSharp issue but a CEF one (I'm not sure though)

That's the reason we ask that you test with cefclient, so you can clearly identify where to create an issue.

Looks like you've created chromiumembedded/cef#3668

Continue the conversation there.