Update local file scheme handler

Author: Warchamp7

CMakeLists.txt

@@ -31,6 +31,7 @@ target_sources(
           cef-headers.hpp
           deps/base64/base64.cpp
           deps/base64/base64.hpp
+          deps/ip-string.hpp
           deps/signal-restore.cpp
           deps/signal-restore.hpp
           deps/wide-string.cpp

browser-app.cpp

@@ -50,7 +50,8 @@ CefRefPtr<CefBrowserProcessHandler> BrowserApp::GetBrowserProcessHandler()
 
 void BrowserApp::OnRegisterCustomSchemes(CefRawPtr<CefSchemeRegistrar> registrar)
 {
-	registrar->AddCustomScheme("http", CEF_SCHEME_OPTION_STANDARD | CEF_SCHEME_OPTION_CORS_ENABLED);
+	registrar->AddCustomScheme("obsbrowser", CEF_SCHEME_OPTION_STANDARD | CEF_SCHEME_OPTION_CORS_ENABLED |
+							 CEF_SCHEME_OPTION_FETCH_ENABLED);
 }
 
 void BrowserApp::OnBeforeChildProcessLaunch(CefRefPtr<CefCommandLine> command_line)

browser-scheme.cpp

@@ -17,6 +17,7 @@
  ******************************************************************************/
 
 #include "browser-scheme.hpp"
+#include "ip-string.hpp"
 #include "wide-string.hpp"
 #include <include/wrapper/cef_stream_resource_handler.h>
 
@@ -41,18 +42,28 @@ CefRefPtr<CefResourceHandler> BrowserSchemeHandlerFactory::Create(CefRefPtr<CefB
 	if (fileExtension.compare("woff2") == 0)
 		fileExtension = "woff";
 
-#ifdef _WIN32
-	CefRefPtr<CefStreamReader> stream = CefStreamReader::CreateForFile(path.substr(1));
-#else
-	CefRefPtr<CefStreamReader> stream = CefStreamReader::CreateForFile(path);
-#endif
-
-	if (stream) {
-		CefString mimeType = CefGetMimeType(fileExtension);
-		if (mimeType.empty())
-			mimeType = "application/octet-stream";
-		return new CefStreamResourceHandler(mimeType, stream);
-	} else {
+	std::string filePath = path.substr(path.find_first_not_of("/"));
+	std::string checkString = filePath.substr(0, filePath.find_first_of("/"));
+
+	// An IP address should never be a valid path for CreateForFile normally, but in some cases an OS
+	// can resolve one as such. As an extra safeguard, we prevent any IP addresses in the path.
+	if (checkForIpv4String(checkString)) {
+		return nullptr;
+	}
+
+	if (checkForIpv6String(checkString)) {
+		return nullptr;
+	}
+
+	CefRefPtr<CefStreamReader> stream = CefStreamReader::CreateForFile(filePath);
+	if (!stream) {
 		return nullptr;
 	}
+
+	CefString mimeType = CefGetMimeType(fileExtension);
+	if (mimeType.empty()) {
+		mimeType = "application/octet-stream";
+	}
+
+	return new CefStreamResourceHandler(mimeType, stream);
 }

cmake/os-linux.cmake

@@ -21,6 +21,8 @@ target_include_directories(browser-helper PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}/d
 
 target_link_libraries(browser-helper PRIVATE CEF::Wrapper CEF::Library)
 
+target_sources(obs-browser PRIVATE deps/ip-string.cpp)
+
 set(OBS_EXECUTABLE_DESTINATION "${OBS_PLUGIN_DESTINATION}")
 
 # cmake-format: off

cmake/os-macos.cmake

@@ -54,6 +54,8 @@ foreach(helper IN LISTS helper_suffixes)
                "${CMAKE_CURRENT_SOURCE_DIR}/cmake/macos/entitlements-helper${helper_plist}.plist")
 endforeach()
 
+target_sources(obs-browser PRIVATE deps/ip-string.cpp)
+
 set_target_properties(
   obs-browser
   PROPERTIES AUTOMOC ON

cmake/os-windows.cmake

@@ -22,6 +22,9 @@ target_compile_definitions(obs-browser-helper PRIVATE ENABLE_BROWSER_SHARED_TEXT
 target_link_libraries(obs-browser-helper PRIVATE CEF::Wrapper CEF::Library nlohmann_json::nlohmann_json)
 target_link_options(obs-browser-helper PRIVATE /IGNORE:4099 /SUBSYSTEM:WINDOWS)
 
+target_link_libraries(obs-browser PRIVATE Ws2_32)
+target_sources(obs-browser PRIVATE deps/ip-string-windows.cpp)
+
 set(OBS_EXECUTABLE_DESTINATION "${OBS_PLUGIN_DESTINATION}")
 set_target_properties_obs(
   obs-browser-helper

deps/ip-string-posix.cpp

@@ -0,0 +1,35 @@
+/******************************************************************************
+ Copyright (C) 2026 by Warchamp7 <[email protected]>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ ******************************************************************************/
+
+#include "ip-string.hpp"
+
+#include <arpa/inet.h>
+#include <stdio.h>
+
+bool checkForIpv4String(const std::string &path)
+{
+	sockaddr_in sa4;
+
+	return inet_pton(AF_INET, path.c_str(), &sa4.sin_addr) == 1;
+}
+
+bool checkForIpv6String(const std::string &path)
+{
+	sockaddr_in6 sa6;
+
+	return inet_pton(AF_INET6, path.c_str(), &sa6.sin6_addr) == 1;
+}

deps/ip-string-windows.cpp

@@ -0,0 +1,37 @@
+/******************************************************************************
+ Copyright (C) 2026 by Warchamp7 <[email protected]>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ ******************************************************************************/
+
+#include "ip-string.hpp"
+
+#include <stdio.h>
+#define WIN32_LEAN_AND_MEAN
+#include <winsock2.h>
+#include <ws2tcpip.h>
+
+bool checkForIpv4String(const std::string &path)
+{
+	sockaddr_in sa4;
+
+	return inet_pton(AF_INET, path.c_str(), &sa4.sin_addr) == 1;
+}
+
+bool checkForIpv6String(const std::string &path)
+{
+	sockaddr_in6 sa6;
+
+	return inet_pton(AF_INET6, path.c_str(), &sa6.sin6_addr) == 1;
+}

deps/ip-string.hpp

@@ -0,0 +1,23 @@
+/******************************************************************************
+ Copyright (C) 2026 by Warchamp7 <[email protected]>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ ******************************************************************************/
+
+#pragma once
+
+#include <string>
+
+extern bool checkForIpv4String(const std::string &path);
+extern bool checkForIpv6String(const std::string &path);

obs-browser-plugin.cpp

@@ -388,9 +388,8 @@ static void BrowserInit(void)
 		return;
 	}
 
-	/* Register http://absolute/ scheme handler for older
-	 * CEF builds which do not support file:// URLs */
-	CefRegisterSchemeHandlerFactory("http", "absolute", new BrowserSchemeHandlerFactory());
+	// Register custom scheme handler for local browser sources
+	CefRegisterSchemeHandlerFactory("obsbrowser", "file", new BrowserSchemeHandlerFactory());
 
 	os_event_signal(cef_started_event);
 }