Skip to content

browser live view recursion guard#302

Open
raiden-staging wants to merge 2 commits into
kernel:mainfrom
raiden-staging:recursion-guard
Open

browser live view recursion guard#302
raiden-staging wants to merge 2 commits into
kernel:mainfrom
raiden-staging:recursion-guard

Conversation

@raiden-staging

@raiden-staging raiden-staging commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

description

  • blocks live browser view url patterns , to prevent nested live view recursion

issue demo

  • before
kernel_recursionguard.mp4
  • after
url_guard

Note

Medium Risk
Touches shared Chromium enterprise policy at every browser start; misconfiguration could block unintended URLs or fail launches if policy JSON is invalid.

Overview
Adds a recursion guard that merges extra Chromium URLBlocklist entries before the browser starts, so agents cannot open the platform’s own live-browser capture URLs inside the VM (nested live view).

chromium-launcher now calls ApplyURLBlocklistGuard with entries from CHROMIUM_RECURSION_GUARD_URL_BLOCKLIST and exits on failure if policy cannot be applied. Unset/blank env uses a default pattern (https://onkernel.com:8443/browser/live); 0/false/off/none disables the guard; comma/newline lists allow overrides.

New policy helpers parse the env, dedupe entries, and append guard URLs to any existing customer URLBlocklist in policy.json without dropping other policy fields.

Reviewed by Cursor Bugbot for commit a8358d5. Bugbot is set up for automated code reviews on this repo. Configure here.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using high effort and found 3 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Want fixes drafted automatically? Bugbot Autofix can create code changes for findings. A team admin can enable Autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit a8358d5. Configure here.

entries = uniqueStrings(entries)
if len(entries) == 0 {
return nil
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Disable env leaves blocklist

Medium Severity

When CHROMIUM_RECURSION_GUARD_URL_BLOCKLIST is set to 0, false, off, or none, parsing returns no entries and ApplyURLBlocklistGuard exits without writing policy. Guard URLs merged on earlier Chromium starts stay in URLBlocklist, so the recursion guard keeps blocking even though the env documents an explicit disable.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit a8358d5. Configure here.

// would disable subdomain matching.
// The query is intentionally omitted so livestream JWT variations are
// covered without per-request proxy work.
DefaultChromiumRecursionGuardURLBlocklist = "https://onkernel.com:8443/browser/live"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Default blocklist port mismatch

Medium Severity

The default guard pattern https://onkernel.com:8443/browser/live includes port 8443, while product docs describe live view on port 443. Chrome URLBlocklist filters with an explicit port generally match that port only, so navigations to https://onkernel.com/browser/live on implicit HTTPS 443 may not be blocked and nested live view can still recurse.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit a8358d5. Configure here.

return p.Modify(func(current *Policy) error {
return mergeURLBlocklistGuard(current, entries)
})
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Parallel policy writers lose updates

Medium Severity

Each Chromium start now read-modifies-writes policy.json via ApplyURLBlocklistGuard, while the API process uses the same Policy.Modify helper. The mutex is in-process only, so concurrent launcher and API updates can overwrite each other and drop extension or policy changes written in between.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit a8358d5. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant