devtool: Use new PUT requests (#139)

Newer versions of Chromium require PUT requests as a security measure, we now prefer PUT and fallback to GET. Fixes #138
mafredri · Mar 24, 2023 · 0a8c15b · 0a8c15b
1 parent 612455d
commit 0a8c15b
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 13 deletions.
diff --git a/devtool/devtool.go b/devtool/devtool.go
@@ -88,7 +88,7 @@ func (d *DevTools) CreateURL(ctx context.Context, openURL string) (*Target, erro
 		escapedQueryURL = "?" + url.QueryEscape(openURL)
 	}
 
-	resp, err := d.httpGet(ctx, "/json/new"+escapedQueryURL)
+	resp, err := d.httpPut(ctx, "/json/new"+escapedQueryURL)
 	if err != nil {
 		return nil, err
 	}
@@ -143,7 +143,7 @@ func (d *DevTools) Get(ctx context.Context, typ Type) (*Target, error) {
 
 // List returns a list with all devtools Targets.
 func (d *DevTools) List(ctx context.Context) ([]*Target, error) {
-	resp, err := d.httpGet(ctx, "/json/list")
+	resp, err := d.httpPut(ctx, "/json/list")
 	if err != nil {
 		return nil, err
 	}
@@ -159,7 +159,7 @@ func (d *DevTools) List(ctx context.Context) ([]*Target, error) {
 
 // Activate brings focus to the Target.
 func (d *DevTools) Activate(ctx context.Context, t *Target) error {
-	resp, err := d.httpGet(ctx, "/json/activate/"+t.ID)
+	resp, err := d.httpPut(ctx, "/json/activate/"+t.ID)
 	if err != nil {
 		return err
 	}
@@ -178,7 +178,7 @@ func (d *DevTools) Activate(ctx context.Context, t *Target) error {
 
 // Close the Target.
 func (d *DevTools) Close(ctx context.Context, t *Target) error {
-	resp, err := d.httpGet(ctx, "/json/close/"+t.ID)
+	resp, err := d.httpPut(ctx, "/json/close/"+t.ID)
 	if err != nil {
 		return err
 	}
@@ -215,7 +215,7 @@ type Version struct {
 
 // Version returns the version information for the DevTools endpoint.
 func (d *DevTools) Version(ctx context.Context) (*Version, error) {
-	resp, err := d.httpGet(ctx, "/json/version")
+	resp, err := d.httpPut(ctx, "/json/version")
 	if err != nil {
 		return nil, err
 	}
@@ -229,7 +229,7 @@ func (d *DevTools) Version(ctx context.Context) (*Version, error) {
 	return v, json.NewDecoder(resp.Body).Decode(&v)
 }
 
-func (d *DevTools) httpGet(ctx context.Context, path string) (*http.Response, error) {
+func (d *DevTools) httpPut(ctx context.Context, path string) (*http.Response, error) {
 	if ctx == nil {
 		ctx = context.Background()
 	}
@@ -239,7 +239,19 @@ func (d *DevTools) httpGet(ctx context.Context, path string) (*http.Response, er
 		return nil, err
 	}
 
-	req, err := http.NewRequest(http.MethodGet, d.url+path, nil)
+	// New versions of Chromium require PUT requests as a security measure.
+	req, err := http.NewRequest(http.MethodPut, d.url+path, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := d.client.Do(req.WithContext(ctx))
+	if err == nil {
+		return resp, nil
+	}
+
+	// Fallback to old method, use GET request.
+	req, err = http.NewRequest(http.MethodGet, d.url+path, nil)
 	if err != nil {
 		return nil, err
 	}

diff --git a/devtool/testdata/test.golden b/devtool/testdata/test.golden
@@ -1,12 +1,12 @@
-GET /json/new?https%3A%2F%2Fwww.google.com
+PUT /json/new?https%3A%2F%2Fwww.google.com
 CreateURL: &{ /devtools/inspector.html?ws=localhost:9222/devtools/page/ded68f91-23c0-4d15-b644-c10c3d06ec32 ded68f91-23c0-4d15-b644-c10c3d06ec32  page about:blank ws://localhost:9222/devtools/page/ded68f91-23c0-4d15-b644-c10c3d06ec32} <nil>
-GET /json/new
+PUT /json/new
 Create: &{ /devtools/inspector.html?ws=localhost:9222/devtools/page/ded68f91-23c0-4d15-b644-c10c3d06ec32 ded68f91-23c0-4d15-b644-c10c3d06ec32  page about:blank ws://localhost:9222/devtools/page/ded68f91-23c0-4d15-b644-c10c3d06ec32} <nil>
-GET /json/list
+PUT /json/list
 Get: &{ /devtools/inspector.html?ws=localhost:9222/devtools/page/4bae5c92-f550-4538-aafb-4263b4e6c9b2 4bae5c92-f550-4538-aafb-4263b4e6c9b2 about:blank page about:blank ws://localhost:9222/devtools/page/4bae5c92-f550-4538-aafb-4263b4e6c9b2} <nil>
-GET /json/close/ddd908ca-4d8c-4783-a089-c9456c463eef
+PUT /json/close/ddd908ca-4d8c-4783-a089-c9456c463eef
 Close: <nil> <nil>
-GET /json/activate/ddd908ca-4d8c-4783-a089-c9456c463eef
+PUT /json/activate/ddd908ca-4d8c-4783-a089-c9456c463eef
 Activate: <nil> <nil>
-GET /json/version
+PUT /json/version
 Version: &{Chrome/59.0.3040.0 1.2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3040.0 Safari/537.36 5.9.35 537.36 (@c020f6a22577978ce1fe89fc1a397f2a651c48a8)  ws://localhost:9222/devtools/browser/74ffefaa-3f6b-4d25-8fb3-98b85d7bf1cd} <nil>