Add SmartScreen as origin feature to TrustedOriginSetting spec#5596
Add SmartScreen as origin feature to TrustedOriginSetting spec#5596GittyHarsha wants to merge 3 commits into
Conversation
GittyHarsha
commented
May 19, 2026
GittyHarsha
commented
- Add COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN enum with documentation describing per-origin SmartScreen reputation check configuration.
- Update C++, .NET examples and MIDL3 enum to include SmartScreen.
Add COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN enum with documentation describing per-origin SmartScreen reputation check configuration. Update C++, .NET examples and MIDL3 enum to include SmartScreen. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR extends the TrustedOriginSetting specification to allow per-origin configuration of SmartScreen reputation checks, updating the associated Win32/C++ and .NET/WinRT examples and the MIDL3 enum to include the new origin feature.
Changes:
- Adds
COREWEBVIEW2_ORIGIN_FEATURE_SMART_SCREEN/CoreWebView2OriginFeature.SmartScreenas a configurable origin feature. - Updates C++ and .NET examples to demonstrate configuring SmartScreen per-origin.
- Expands spec documentation for SmartScreen behavior and updates
SetOriginFeaturesdocs to mention it.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| /// This configuration operates within the scope of the global SmartScreen toggle | ||
| /// controlled by `ICoreWebView2Settings8.IsReputationCheckingRequired`. | ||
| /// When `IsReputationCheckingRequired` is `false` (SmartScreen globally | ||
| /// disabled), the SmartScreen check is not active and this | ||
| /// per-origin configuration has no effect. When `IsReputationCheckingRequired` | ||
| /// is `true` (the default), this per-origin configuration controls whether | ||
| /// individual origins are exempt from SmartScreen reputation checks. |
| /// URLs and downloaded files against a cloud-based reputation service. | ||
| /// By default, SmartScreen is enabled for all origins. Setting this feature to | ||
| /// `Disabled` for an origin will skip SmartScreen reputation checks for | ||
| /// navigations and downloads from that origin, effectively allow-listing it. |
There was a problem hiding this comment.
This is a good suggestion.
david-risney
left a comment
david-risney
left a comment
There was a problem hiding this comment.
This is good, but please also address the comment about adding a note about security when disabling - that we only want to do this for known and trusted sites.
- Replace hardcoded ICoreWebView2Settings8 reference with link to IsReputationCheckingRequired docs, describe as per-WebView setting - Add security warning about disabling SmartScreen only for trusted origins - Restore COREWEBVIEW2_ORIGIN_FEATURE_STATE doc comment Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GittyHarsha
force-pushed
the
user/harshanp/origin-settings-add-smartscreen
branch
from
a6c9e08 to
60c61d5
Compare
…quired internals Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GittyHarsha
force-pushed
the
user/harshanp/origin-settings-add-smartscreen
branch
from
0ab4c9e to
cc3a119
Compare
|
|
||
| - AccentColor | ||
| - EnhancedSecurityMode | ||
| - SmartScreen |
There was a problem hiding this comment.
In general, we try to avoid using marketing names in APIs, since marketing names tend to be fickle. E.g. "Drag Tray" changed to "Drop Tray"., "Microsoft Stream" changed to "Clipchamp", "Azure Active Directory" changed to "Entra", "Focus Assist" changed to "Focus Session".
Could this be called ReputationChecking?
This would also align with IsReputationCheckingRequired.
| accentColorSetting.get(), | ||
| enhancedSecuritySetting.get() | ||
| enhancedSecuritySetting.get(), | ||
| smartScreenSetting.get() |
There was a problem hiding this comment.
May as well leave the trailing comma on this line so the next update will be easier.
