Desktop: Block network requests in CEF that are not explicitly allowlisted

[timon-schelling]

No description provided.

[gemini-code-assist]

Code Review

This pull request introduces CEF request and resource request handlers (RequestHandlerImpl and ResourceRequestHandlerImpl) to control navigation and resource loading, integrating them into BrowserProcessClientImpl. The review feedback highlights critical safety and performance improvements: first, avoiding potential undefined behavior in the Clone implementations of both handlers by safely checking if the raw pointer self.object is null using as_mut() before dereferencing; second, optimizing performance by caching the allowed URL prefix with std::sync::OnceLock to prevent redundant String allocations via format! on every navigation and resource request.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[cubic-dev-ai]

3 issues found across 4 files

Confidence score: 3/5

• In desktop/src/cef/internal/request_handler.rs, RequestHandlerImpl models an initially null raw pointer and later dereferences it unsafely, so any invariant slip could become UB or a runtime crash after merge; replacing the nullable raw-pointer state with a type-safe initialization pattern (or adding strict guard checks before deref) would materially de-risk this before merging.
• In desktop/src/cef/internal/request_handler.rs, auth_credentials currently always declines authentication, which can cause valid upstream/proxy-authenticated requests to fail for users in authenticated environments; wire the callback to support expected auth flows or explicitly gate/document this behavior before merging.
• In desktop/src/cef/internal/resource_request_handler.rs, policy-blocked requests are logged at error, which is likely to inflate error telemetry and obscure real failures once deployed; lower these expected denials to a less severe log level before merging.

<sub>Reply with feedback, questions, or to request a fix.

Re-trigger cubic</sub>