[grid] Fixing remote execution for Edge when Java 8 client is used

diemol · diemol · commit 47a2730aee70 · 2023-04-20T19:45:59.000+02:00
diff --git a/java/src/org/openqa/selenium/edge/EdgeDriverInfo.java b/java/src/org/openqa/selenium/edge/EdgeDriverInfo.java
@@ -17,6 +17,8 @@
 package org.openqa.selenium.edge;
 
 import com.google.auto.service.AutoService;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 
 import org.openqa.selenium.Capabilities;
 import org.openqa.selenium.ImmutableCapabilities;
@@ -25,12 +27,12 @@
 import org.openqa.selenium.WebDriverException;
 import org.openqa.selenium.WebDriverInfo;
 import org.openqa.selenium.chromium.ChromiumDriverInfo;
+import org.openqa.selenium.remote.CapabilityType;
 import org.openqa.selenium.remote.service.DriverFinder;
 
 import java.util.Optional;
 
 import static org.openqa.selenium.remote.Browser.EDGE;
-import static org.openqa.selenium.remote.CapabilityType.BROWSER_NAME;
 
 @AutoService(WebDriverInfo.class)
 public class EdgeDriverInfo extends ChromiumDriverInfo {
@@ -42,7 +44,14 @@ public String getDisplayName() {
 
   @Override
   public Capabilities getCanonicalCapabilities() {
-    return new ImmutableCapabilities(BROWSER_NAME, EDGE.browserName());
+    // Allowing any origin "*" through remote-allow-origins might sound risky but an attacker
+    // would need to know the port used to start DevTools to establish a connection. Given
+    // these sessions are relatively short-lived, the risk is reduced. Also, this will be
+    // removed when we only support Java 11 and above.
+    return new ImmutableCapabilities(
+      CapabilityType.BROWSER_NAME, EDGE.browserName(),
+      EdgeOptions.CAPABILITY,
+      ImmutableMap.of("args", ImmutableList.of("--remote-allow-origins=*")));
   }
 
   @Override
