@nseaSeb The :info option is correct but unfortunately isn’t recognized by print_to_pdf, only by print_to_pdfa. There’s a ticket to resolve this Add info option to print_to_pdf/2 · Issue #200 · bitcrowd/chromic_pdf · GitHub but I can’t promise it’ll be implemented any time soon.
1 Like
Thanks for this.
Just installed it and trying to make it “print” the page the way I have it on the screen (Phoenix LiveView app btw).
In the meantime, I ran into the following Experimental warning in the docs:
“Please note that support for remote connections is considered experimental. Be aware that between restarts ChromicPDF may leave tabs behind and your external Chrome process may leak memory.”
Now, on one hand it’s recommended to have Chromium containerized separately in prod (as it should be) and on the other there’s this warning that kinda defeats the purpose.
Has there been any progress in this regard?
@DaAnalyst Not sure we recommend anywhere in the docs to have only Chrome containerized separately. In our own projects we never had it setup this way, instead we always had it bundled alongside an Elixir app in a single container. I’m aware the docs says something about running your PDF printing service separate from your “main app”, but that’s a different thing. Furthermore, unfortunately in newer Chrome versions the --remote-debugging-address option doesn’t allow binding to 0.0.0.0 anymore so you’d need to proxy traffic into the container before passing it to chrome, as suggested in this issue. So, to your “has there been progress” question: There has not and won’t be because we don’t really want to support it, and overall the “remote chrome” story won’t get any better.
To be completely honest, it also isn’t clear to me how this additional isolation of Chrome is helping security, in comparison to simply isolating the PDF printing service of your app. The attack vector would be that some user input in your templates compromises Chrome (= allows to escape its sandbox) and gives the attacker access to the container environment, but what additional impact does this have if you run a minimal Elixir app alongside Chrome there? Personally leaning strongly towards the simplicity of a “local chrome” setup over this vague security benefit.
1 Like
Thanks. I’ll explore the “printing service” (min app) option.
