Devtools internet access #153
Comments
|
Thanks for your feedback. My understanding is that most (all?) of these URLs are necessary for certain DevTools components to function. Not everything is bundled within Edge, and some less commonly-used parts can sometimes be downloaded when necessary. |
|
Hi WRFan, thanks for your feedback. I'm not really sure that any of these are "behind users backs." Both Webhint and Network Console are listed in the "Experiments" tab of the Settings tool and can be disabled. And, we have some work planned to migrate these into the "Edge DevTools Enhancements" component, which you mentioned briefly and which I'll address next. With respect to the Edge DevTools Enhancements extension: this is simply an alternative way for us to ship nonessential DevTools components, only to our customers who are using DevTools. Put differently it's a way to "pay for play" -- for the millions of customers who download Edge but don't use DevTools, they don't need to download the components that are in that package. This is implemented as a component extension (which is why you're seeing it in the extensions folder) but really doesn't have much functionally happening in the extension itself. One example of where we've leveraged the DevTools Enhancements extension is in the "Enhanced Unminification" used in the Performance and Memory tools, and in the Call Stack view of the Sources tool, in Edge 111, 113, and 114 respectively. This is supported by the TypeScript compiler. If this extension isn't available for whatever reason (for example, the Extensions service fails to install it because you're not online), then DevTools simply doesn't try to apply the transformations. I hope this helps explain what you're seeing. Thanks! |
|
Nevertheless the user should be notified that an internet connection is about to be established and be asked for permission to connect. imho. I finally found out what file connects to: https://devtools.azureedge.net/docs/115/stable.json It's this one: devtools://devtools/bundled/panels/welcome/welcome.js "115" in the url is the edge version (115.0.1851.0 in my case): After much ado I finally found the resource inside "pak_index.ini" that corresponds to it and changed it to an uncompressed version, which I can edit, then re-package the .pak file: P.S. There's also a command-line argument that's supposedly would allow the user to redirect calls to devtools to another location outside the .pak file, not sure how it works: https://peter.sh/experiments/chromium-command-line-switches |
This text was part of another issue, but was separated from the original in accordance with the admin's request
I strongly dislike how you are covertly connecting to your servers behind the users' backs. I could post tons of urls I killed inside msedge.dll, but since this is a devtools forum, I'll just mention what devtools does:
https://devtools.azureedge.net/serve_file/@31962ca1eff05d519ed4b5cffe576650f1175cc7/third_party/network-console/dist/index.html
https://devtools.azureedge.net/serve_file/@d182ed791e29fd7be1866c3c8e17e6a27cf0b52e/third_party/webhint/worker_frame.html
https://devtools.azureedge.net/serve_file/@d182ed791e29fd7be1866c3c8e17e6a27cf0b52e/third_party/network-console/dist/index.html
Also downloads some useless extensions without asking the user:
https://edge.microsoft.com/extensionwebstorebase/v1/crx
Extension ID: kfbdpdaobnofkbopebjglnaadopfikhh -> Microsoft Edge DevTools Enhancements
puts them into:
User_Dir\default\Extensions (hex address d160d06 msedge.dll 115.0.1851.0)
Also, when devtools are opened, they always connect to:
https://devtools.azureedge.net/docs/115/stable.json
which replies with a 404, ridiculous. Your server babbles something about "devtoolsfrontendstorage", whatever it is.
And I can't find out where this url is located. Inside resources.pak ? I unpacked it, but half the files in there are either encrypted or compressed with an unknown format - first two bytes header: 1E 9B , hell knows what it is, but this is the same in Chromium's resources.pak, and nobody ever bothered to find out, at least google knows nothing, so I added the entire subdomain to hosts, but I'd prefer to kill it in the programme itself.
The text was updated successfully, but these errors were encountered: