[REQUEST] Documentation of any security considerations around using Puppeteer in Lambda with this library #299

Open
gpoole opened this issue Sep 11, 2024 · 0 comments
Labels
enhancement New feature or request

gpoole commented Sep 11, 2024

What would you like to have implemented?

It would be really helpful to include some documentation around security. I'm wondering if there are any security pitfalls or risks to look out for that are specific to running Chromium in Lambdas? Specifically in my case I wonder whether there's a chance that multiple concurrent Lambda invocations will share the same Chromium instance, as well as what, if any, profile information this version of Chromium writes to disk when run by Puppeteer. I also wonder if there are other things I haven't thought of.

For context: I'm developing an app where I need to render an authenticated page as a PDF and I plan to do that by passing through the user's auth cookie from the Lambda request to Chromium. I'm unsure if concurrent requests could end up sharing the same Chromium instance and default context (I'm using the default context currently because of #298), and therefore the same cookie storage, or whether the cookies might be written to disk.

Why would it be useful?

Documenting this would help users avoid any unintended security holes when using the library and your expertise on this would be very helpful! Happy to help write this up but had trouble finding answers to my questions.

Appreciate your work maintaining this library! 🙏

gpoole added the enhancement (New feature or request) label Sep 11, 2024