Merge pull request #1013 from BrowserBox/fixes-v10

Fixes v10 - partial v10 wip
BrowserBox · Nov 8, 2024 · 189648d · 189648d
2 parents fb05b35 + f110132
commit 189648d
Show file tree

Hide file tree

Showing 9 changed files with 15 additions and 11 deletions.
diff --git a/.partial-release-mark b/.partial-release-mark
@@ -0,0 +1 @@
+1731047075
diff --git a/Dockerfile b/Dockerfile
@@ -5,7 +5,7 @@
 FROM debian:latest
 LABEL org.opencontainers.image.title="BrowserBox" \
   org.opencontainers.image.description="BrowserBox: Web Isolation, Document Sanitization, and Reverse CORS Proxy in one embeddable iframe. Licensed under Polyform Noncommercial 1.0, with commercial options available. Contact [email protected] for flexible licensing, support, and customization. Suitable for all sizes of organizations and custom applications." \
-  org.opencontainers.image.version="9.2.0" \
+  org.opencontainers.image.version="9.8.3" \
   org.opencontainers.image.authors="DOSAYGO BrowserBox Team <[email protected]>" \
   org.opencontainers.image.source="https://github.com/BrowserBox/BrowserBox"
 

diff --git a/deploy-scripts/_bbpro.sh b/deploy-scripts/_bbpro.sh
@@ -137,9 +137,9 @@ if ! has_renice_cap "$USER"; then
       $SUDO groupadd renice >&2
       echo "%renice ALL=NOPASSWD: /usr/bin/renice, /usr/bin/loginctl, /usr/bin/id" | $SUDO tee -a /etc/sudoers >&2
     fi
-    if ! $SUDO grep -q "%browsers ALL=NOPASSWD:" /etc/sudoers; then
+    if ! $SUDO grep -q "%browsers ALL=(ALL:browsers) NOPASSWD:" /etc/sudoers; then
       $SUDO groupadd browsers >&2
-      echo "%browsers ALL=NOPASSWD: /usr/bin/pulseaudio --start, /usr/bin/pulseaudio --start --use-pid-file=true --log-level=debug, /usr/bin/pulseaudio --check" | $SUDO tee -a /etc/sudoers >&2
+      echo "%browsers ALL=(ALL:browsers) NOPASSWD: /usr/bin/pulseaudio --start, /usr/bin/pulseaudio --start --use-pid-file=true --log-level=debug, /usr/bin/pulseaudio --check" | $SUDO tee -a /etc/sudoers >&2
     fi
     $SUDO usermod -aG renice $USER
     echo "You may need to log out and log in again, or restart your shell/terminal, for renice capability take effect."

diff --git a/deploy-scripts/auto_cert_renew b/deploy-scripts/auto_cert_renew
@@ -14,7 +14,7 @@ sudo cp ./deploy-scripts/renew_tls.sh /root/renew_tls.sh
 
 # add our job to crontab if it's not there already
 if ! sudo crontab -l 2>/dev/null | grep -q "renew_tls.sh $1"; then
-  (sudo crontab -l 2>/dev/null; echo "0 12 * * * /root/renew_tls.sh $1 $2") | sudo crontab -
+  (sudo crontab -l 2>/dev/null; echo "*/5 * * * * /root/renew_tls.sh $1 $2") | sudo crontab -
 fi
 
 
diff --git a/scripts/bg_frb_setup.sh b/scripts/bg_frb_setup.sh
@@ -24,7 +24,7 @@ sudo groupadd browsers
 # not sure if we need it and it could be security risk 
 # as seems to give every app user sudo ability with browsers ? 
 #echo "You need to edit sudoers file with visudo to add"
-#echo "ALL ALL=(:browsers) NOPASSWD:ALL"
+#echo "%browsers ALL=(ALL:browsers) NOPASSWD: /usr/bin/pulseaudio"
 #read -p "Press enter to continue to visudo"
 #read | sudo visudo
 sudo $APT install cpulimit cgroup-tools

diff --git a/scripts/setup_machine.sh b/scripts/setup_machine.sh
@@ -125,9 +125,9 @@ if ! $SUDO grep -q "%renice ALL=NOPASSWD:" /etc/sudoers; then
   $SUDO groupadd renice >&2
   echo "%renice ALL=NOPASSWD: /usr/bin/renice, /usr/bin/loginctl, /usr/bin/id" | $SUDO tee -a /etc/sudoers >&2
 fi
-if ! $SUDO grep -q "%browsers ALL=NOPASSWD:" /etc/sudoers; then
+if ! $SUDO grep -q "%browsers ALL=(ALL:browsers) NOPASSWD:" /etc/sudoers; then
   $SUDO groupadd browsers >&2
-  echo "%browsers ALL=NOPASSWD: /usr/bin/pulseaudio --start, /usr/bin/pulseaudio --start --use-pid-file=true --log-level=debug, /usr/bin/pulseaudio --check" | $SUDO tee -a /etc/sudoers >&2
+  echo "%browsers ALL=(ALL:browsers) NOPASSWD: /usr/bin/pulseaudio --start, /usr/bin/pulseaudio --start --use-pid-file=true --log-level=debug, /usr/bin/pulseaudio --check" | $SUDO tee -a /etc/sudoers >&2
 fi
 
 $SUDO ufw disable

diff --git a/src/public/voodoo/src/components/bb-view/style.css b/src/public/voodoo/src/components/bb-view/style.css
@@ -9,6 +9,7 @@ canvas {
   image-rendering: optimizequality;
   image-rendering: smooth;
   image-rendering: high-quality;
+  touch-action: none;
 }
 
 
diff --git a/src/services/pool/deploy/scripts/setup.sh b/src/services/pool/deploy/scripts/setup.sh
@@ -30,10 +30,10 @@ if ! $SUDO grep -q "%renice ALL=NOPASSWD:" /etc/sudoers; then
   $SUDO groupadd renice >&2
   echo "%renice ALL=NOPASSWD: /usr/bin/renice, /usr/bin/loginctl, /usr/bin/id" | $SUDO tee -a /etc/sudoers >&2
 fi
-if ! $SUDO grep -q "%browsers ALL=NOPASSWD:" /etc/sudoers; then
+if ! $SUDO grep -q "%browsers ALL=(ALL:browsers) NOPASSWD:" /etc/sudoers; then
   $SUDO groupadd browsers >&2
-  echo "%browsers ALL=NOPASSWD: /usr/bin/pulseaudio --start" | $SUDO tee -a /etc/sudoers >&2
-  echo "%browsers ALL=NOPASSWD: /usr/bin/pulseaudio --start --use-pid-file=true --log-level=debug, /usr/bin/pulseaudio --check" | $SUDO tee -a /etc/sudoers >&2
+  echo "%browsers ALL=(ALL:browsers) NOPASSWD: /usr/bin/pulseaudio --start" | $SUDO tee -a /etc/sudoers >&2
+  echo "%browsers ALL=(ALL:browsers) NOPASSWD: /usr/bin/pulseaudio --start --use-pid-file=true --log-level=debug, /usr/bin/pulseaudio --check" | $SUDO tee -a /etc/sudoers >&2
 fi
 
 

diff --git a/src/zombie-lord/connection.js b/src/zombie-lord/connection.js
@@ -49,7 +49,9 @@ import {extensions, getInjectableAssetPath, fileChoosers} from '../ws-server.js'
 const INTERNAL_WORKERS = new Set([
   'ghbmnnjooekpmoecnnnilnnbdlolhkhi', // Google docs offline
   'nmmhkkegccagdldgiimedpiccmgmieda', // Some kind of Google / YouTube related extension
+  'mhjfbmdgcfjbbpaeojofohoefgiehjai', // Google Chrome PDF viewer extension
 ]);
+const PROTECTED_EXTENSIONS = INTERNAL_WORKERS;
 
 // standard injections
 const selectDropdownEvents = fs.readFileSync(path.join(APP_ROOT, 'zombie-lord', 'injections', 'selectDropdownEvents.js')).toString();
@@ -1865,7 +1867,7 @@ export default async function Connect({port}, {adBlock:adBlock = DEBUG.adBlock,
       DEBUG.debugSetupWorker && console.log({result});
       const url = new URL(result.value);
       DEBUG.debugSetupWorker && console.log({url});
-      if ( url.protocol == 'chrome-extension:' && url.hostname.length == 32 && !url.pathname.endsWith('.html') ) {
+      if ( url.protocol == 'chrome-extension:' && url.hostname.length == 32 && !url.pathname.endsWith('.html') && ! PROTECTED_EXTENSIONS.has(url.hostname) ) {
         Workers.set(sessionId, {});
         console.log('Attached to extension service worker. Preparing inject');
         const swPathParts = url.pathname.split(path.sep);