diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml index 8e2f36ee152..5c15a92b580 100644 --- a/.github/workflows/canary.yml +++ b/.github/workflows/canary.yml @@ -55,6 +55,9 @@ jobs: - name: Install Chrome Canary id: browser run: node tools/download_chrome_canary.mjs $HOME/.cache/puppeteer/chrome-canary + - name: Configure permissions + if: ${{ matrix.os == 'windows-latest' }} + run: icacls $HOME/.cache/puppeteer/chrome-canary /grant "ALL APPLICATION PACKAGES:(OI)(CI)(RX)" - name: Apply Canary expectations run: node tools/merge-canary-test-expectations.mjs - name: Run all tests (for non-Linux) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 19e169a1b1a..3428124a3d1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -200,6 +200,9 @@ jobs: - name: Install Chrome if: ${{ matrix.suite != 'chrome-bidi' }} run: npm run postinstall + - name: Configure permissions + if: ${{ matrix.os == 'windows-latest' }} + run: icacls $HOME/.cache/puppeteer/chrome /grant "ALL APPLICATION PACKAGES:(OI)(CI)(RX)" - name: Setup cache for Chrome Canary binary if: ${{ matrix.suite == 'chrome-bidi' }} uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 @@ -210,6 +213,9 @@ jobs: if: ${{ matrix.suite == 'chrome-bidi' }} id: browser run: node tools/download_chrome_bidi.mjs $HOME/.cache/puppeteer/chrome-canary + - name: Configure permissions + if: ${{ matrix.suite == 'chrome-bidi' && matrix.os == 'windows-latest' }} + run: icacls $HOME/.cache/puppeteer/chrome-canary /grant "ALL APPLICATION PACKAGES:(OI)(CI)(RX)" - name: Run all tests (for non-Linux) if: ${{ matrix.os != 'ubuntu-latest' }} run: npm run test -- --shard '${{ matrix.shard }}' --test-suite ${{ matrix.suite }} --save-stats-to /tmp/artifacts/${{ github.event_name }}_INSERTID.json diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index bb98289a623..74c742ad6f3 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -51,7 +51,7 @@ You will need to reinstall `puppeteer` in order for the configuration to take effect. See [Configuring Puppeteer](./guides/configuration) for more information. -## Chrome headless doesn't launch on Windows +## Chrome doesn't launch on Windows Some [chrome policies](https://support.google.com/chrome/a/answer/7532015) might enforce running Chrome/Chromium with certain extensions. @@ -70,6 +70,34 @@ const browser = await puppeteer.launch({ > Context: > [issue 3681](https://github.com/puppeteer/puppeteer/issues/3681#issuecomment-447865342). +## Chrome reports sandbox errors on Windows + +Chrome uses sandboxes on Windows which require additional permissions on +the downloaded Chrome files. Currently, Puppeteer is not able to set +those permissions for you. + +If you encounter this issue, you will see errors like this in the browser stdout: + +``` +[24452:59820:0508/113713.058:ERROR:sandbox_win.cc(913)] Sandbox cannot access executable. Check filesystem permissions are valid. See https://bit.ly/31yqMJR.: Access is denied. (0x5) +``` + +To workaround the issue, use the icacls utility to set permissions manually: + +```powershell +icacls $HOME/.cache/puppeteer/chrome /grant "ALL APPLICATION PACKAGES:(OI)(CI)(RX)" +``` + +:::note + +In high security environments a more restrictive SID should be used such +as one from the +[installer](https://source.chromium.org/chromium/chromium/src/+/main:chrome/installer/setup/install_worker.cc;l=74). + +::: + +See https://bit.ly/31yqMJR for more details. + ## Chrome doesn't launch on Linux Make sure all the necessary dependencies are installed. You can run `ldd chrome