为什么使用TEmbeddedWB时QueryService不被IHttpSecurity调用? [英] Why doesn't QueryService get called for IHttpSecurity when using TEmbeddedWB?

问题描述

TEmbeddedWB 包含一个事件，用于扩展对其他服务的支持，称为 OnQueryService .根据 MSDN ，此功能将是被调用以允许我返回 IHttpSecurity 引用，因此我可以用自己的方式处理证书错误.但是，尽管为许多其他接口调用了 OnQueryService ，但从未为 IHttpSecurity 调用它.

TEmbeddedWB contains an event for extending support for additional services, called OnQueryService. According to MSDN, this function will be called to allow me to return an IHttpSecurity reference, so I can handle certificate errors my way. However, while OnQueryService is called for a number of other interfaces, it never gets called for IHttpSecurity.

示例代码:

unit InsecureBrowser;

interface

uses
  Winapi.Windows,
  Winapi.Messages,
  Winapi.Urlmon,
  Winapi.WinInet,
  System.SysUtils,
  System.Variants,
  System.Classes,
  Vcl.Graphics,
  Vcl.Controls,
  Vcl.Forms,
  Vcl.Dialogs,
  Vcl.OleCtrls,
  Vcl.StdCtrls,
  SHDocVw_EWB,
  EwbCore,
  EmbeddedWB;

type
  TInsecureBrowserForm = class(TForm, IHttpSecurity, IWindowForBindingUI)
    web: TEmbeddedWB;
    cmdGoInsecure: TButton;
    procedure webQueryService(Sender: TObject; const [Ref] rsid,
      iid: TGUID; var Obj: IInterface);
    procedure cmdGoInsecureClick(Sender: TObject);
  private
    { IWindowForBindingUI }
    function GetWindow(const guidReason: TGUID; out hwnd): HRESULT; stdcall;

    { IHttpSecurity }
    function OnSecurityProblem(dwProblem: Cardinal): HRESULT; stdcall;
  end;

var
  InsecureBrowserForm: TInsecureBrowserForm;

implementation

{$R *.dfm}

function TInsecureBrowserForm.GetWindow(const guidReason: TGUID;
  out hwnd): HRESULT;
begin
  Result := S_FALSE;
end;

function TInsecureBrowserForm.OnSecurityProblem(dwProblem: Cardinal): HRESULT;
begin
  if (dwProblem = ERROR_INTERNET_INVALID_CA) or
     (dwProblem = ERROR_INTERNET_SEC_CERT_CN_INVALID)
    then Result := S_OK
    else Result := E_ABORT;
end;

procedure TInsecureBrowserForm.webQueryService(Sender: TObject;
  const [Ref] rsid, iid: TGUID; var Obj: IInterface);
begin
  if IsEqualGUID(IID_IWindowForBindingUI, iid) then
    Obj := Self as IWindowForBindingUI
  else if IsEqualGUID(IID_IHttpSecurity, iid) then
    Obj := Self as IHttpSecurity;
end;

procedure TInsecureBrowserForm.cmdGoInsecureClick(Sender: TObject);
begin
  web.Navigate('https://evil.intranet.site');
end;

end.

推荐答案

这不是很明显，但是事实证明，在使用 WebBrowser2 之前，您需要导航到 about:blank ，或者某些事情根本不会发生，包括一些 QueryService 调用.感谢Igor Tandetnik识别了此在2010年.

It's not obvious, but it turns out you need to navigate to about:blank before using WebBrowser2, or certain things just don't happen, including some QueryService calls. Thanks to Igor Tandetnik for identifying this in 2010.

因此，只需添加:

procedure TInsecureBrowserForm.FormCreate(Sender: TObject);
begin
  web.Navigate('about:blank');
end;

我也在我的博客上写下了这句话: https://marc.durdin.net/2016/03/dont-forget-to-navigate-to-aboutblank-when-embedding-iwebbrowser2/

I also wrote this up on my blog: https://marc.durdin.net/2016/03/dont-forget-to-navigate-to-aboutblank-when-embedding-iwebbrowser2/

这篇关于为什么使用TEmbeddedWB时QueryService不被IHttpSecurity调用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！