WebView2 Rendering Engine #
Your app made with ExeOutput for PHP can utilize the Microsoft Edge WebView2 control to display application content. WebView2 is powered by the same Chromium engine as the Microsoft Edge browser, ensuring your application supports modern web standards and technologies.
Overview #
Using WebView2 offers several advantages:
- Modern & Evergreen: Your application will benefit from an up-to-date version of Chromium with regular platform updates and security patches. This ensures compatibility with the latest HTML5, CSS3, and JavaScript features.
- Enhanced Performance: WebView2 provides robust performance and speed for complex web applications.
- Access to Native Features: It allows for deep integration between your web code and the native capabilities of the Windows operating system.
👉 To use WebView2, your end-users must have the WebView2 runtime installed. If it is missing, your application will not start and will display an error message.
- The WebView2 runtime is included by default on Windows 11 and recent versions of Windows 10.
- On Windows 7, the runtime is automatically installed if Microsoft Edge is installed and Windows Update runs regularly.
- On older versions of Windows (such as Windows 8.1), the runtime will likely need to be installed manually using the evergreen installer.
The official evergreen installer, MicrosoftEdgeWebview2Setup.exe, is available in the Redist sub-directory of your ExeOutput for PHP installation. You should bundle this installer with your application’s own setup program to ensure a smooth user experience.
Note
For more details on distributing the WebView2 runtime, please refer to the official Microsoft documentation: Distribute the WebView2 Runtime
WebView2 and Cookie Storage #
When using the WebView2 engine, ExeOutput for PHP sets the application’s internal domain to https://heserver.example/. This is different from the https://heserver/ domain used by the CEF engine.
This change is necessary due to the stricter security policies of the underlying Microsoft Edge browser. Modern browsers, including Edge, are increasingly limiting cookie functionality for non-standard domains. Using a domain that resembles a real-world domain, like .example, ensures that cookies, sessions, and other local storage mechanisms function correctly and reliably within your application.
If you were to use a simple hostname like heserver with WebView2, you might encounter issues with session persistence and cookie-based authentication. The .example TLD is reserved for documentation and testing purposes, making it a safe and appropriate choice for this internal application domain.
WebView2 Properties #
You can configure how the WebView2 engine behaves in your ExeOutput application using the following settings.
AdditionalChromiumArgs #
Add custom Chromium command-line switches.
Example to disable GPU-accelerated video:
--disable-accelerated-video
Separate multiple switches with spaces.
AllowExternalDrop #
If enabled, allows users to drag items from outside (e.g., Windows Explorer) into the WebView.
Note
If DisableDragDrop is enabled, it overrides this and blocks drag/drop entirely.
AllowPDFSaveAs #
Controls whether the Save As command is available in the built-in PDF viewer.
AreDefaultContextMenusEnabled #
Enables the default WebView2 context menus (right-click menus). Disable to remove them and rely on your own context menu.
AutoOpenExtensions #
Allows compiled files to open in their native applications when users click links to them.
Note
- Provide a semicolon-separated list of file extensions (e.g., .docx;.xlsx).
- Files are temporarily extracted to disk, which may allow copying—review security implications.
- Ignored for PDF when the built-in PDF Viewer is enabled.
AutofillEnabled #
Enables or disables form autofill.
Warning
There is no support for storing passwords securely.
Custom404Error #
Uses the custom 404 page defined in Dialog Boxes for missing pages.
- If True: a 200 OK status is returned and your custom page is shown.
- If False: a standard 404 Not Found is returned and the browser’s default error page appears.
CustomUserAgent #
Sets a custom User-Agent string.
DefLocale #
Specifies the Chromium locale (language).
Locales are in CEFRuntime\locales. Example:
fr
DeveloperTools #
Enables or disables Chromium DevTools. Users can access them from the internal browser’s context menu.
DisableDragDrop #
Blocks all drag-and-drop operations in the WebView (both internal and external).
Use to prevent accidental extraction/leaks of embedded resources.
DisableFindText #
Disables the Find Text command.
DisableImgDragDrop #
Prevents dragging images out of the WebView (which otherwise saves the image to a folder and can leak compiled resources).
DisableLocalCache #
Prevents the engine from writing cache and temporary files to disk.
By default (when not disabled), a subfolder inside the User Data directory is used. See Deployment options.
ForbidDownloadMimeType #
Blocks downloads—via context menu or default handlers—for specific MIME types while still allowing playback in media elements.
Example:
application/pdf;audio/ogg;audio/x-mpg;audio/mp3;audio/mpeg;video/ogg;video/mp4;audio/webm;video/webm;audio/wav
IsBuiltInErrorPageEnabled #
If enabled, WebView2’s built-in network/navigation error pages are displayed on failures.
Can be combined with Custom404Error depending on how you want 404/other errors handled.
Muted #
Mutes all audio output from the WebView.
PDFDisableMoreOptionsMenu #
Disables the “More options” (⋯) menu in the built-in PDF viewer to reduce access to actions such as download/print (depending on viewer UI).
PinchZoomEnabled #
Enables pinch-to-zoom.
PrivateMode #
Enables private/incognito mode for the WebView instance.
ShowDownloadDialog #
Shows the default download dialog when a file download begins. Disable to suppress the dialog (downloads may be blocked unless your app handles them). Useful with the dedicated HEScript UserMain event OnDownloadComplete.
SingleSignOn #
Enables single sign-on (SSO) where supported.
SwipeNavigationEnabled #
Enables swipe gestures for back/forward navigation (touch devices/trackpads).
TrackingPrevention #
Enables tracking prevention features.
Troubleshooting CORS Problems #
If the DevTools console shows errors like:
Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.
you can temporarily disable CORS checks by adding this switch to AdditionalChromiumArgs:
--disable-web-security
Info
Use only for debugging; do not ship with web security disabled. The switch turns off the same-origin policy for the entire WebView, not only the check that failed.
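A pre-release check over the properties this page flags, as an added example (not ExeOutput for PHP's own code or API). It assumes the property values have been transcribed by hand into a Python dict, since the page describes no export format; `SETTINGS`, `audit` and the helper names are hypothetical, and treating DisableDragDrop as also covering image drag-out follows from the page's "blocks all drag-and-drop" wording.

```python
# Added example: release gate over WebView2 property values described on this page.
# SETTINGS is constructed sample input (assumption: values copied by hand from the project).
SETTINGS = {
    "AdditionalChromiumArgs": "--disable-accelerated-video --disable-web-security",
    "DeveloperTools": True,
    "AutoOpenExtensions": ".docx;.xlsx",
    "AutofillEnabled": True,
    "DisableDragDrop": False,
    "DisableImgDragDrop": False,
}


def chromium_switches(args):
    """Split the space-separated switch list; drop any =value part, lowercase the name."""
    return {tok.split("=", 1)[0].lower() for tok in args.split() if tok.startswith("--")}


def extensions(value):
    """Parse the semicolon-separated AutoOpenExtensions list, ignoring empty entries."""
    return [e.strip().lower() for e in value.split(";") if e.strip()]


def audit(s):
    """Return (property, reason) findings, each based on a note on this page."""
    findings = []
    if "--disable-web-security" in chromium_switches(s.get("AdditionalChromiumArgs", "")):
        findings.append(("AdditionalChromiumArgs", "web security disabled; debugging only"))
    if s.get("DeveloperTools"):
        findings.append(("DeveloperTools", "DevTools reachable from the context menu"))
    exts = extensions(s.get("AutoOpenExtensions", ""))
    if exts:
        findings.append(("AutoOpenExtensions", "extracted to disk on click: " + ";".join(exts)))
    if s.get("AutofillEnabled"):
        findings.append(("AutofillEnabled", "no secure password storage"))
    # DisableDragDrop blocks all drag/drop, so image drag-out only matters when it is off.
    if not s.get("DisableDragDrop") and not s.get("DisableImgDragDrop"):
        findings.append(("DisableImgDragDrop", "images can be dragged out of the WebView"))
    return findings


if __name__ == "__main__":
    for prop, reason in audit(SETTINGS):
        print(f"{prop}: {reason}")
```

An empty result from `audit` means none of the flagged settings are in a state the page warns about; it says nothing about properties not listed in the dict.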