[Feature Request]: support sandbox

[nianxiaoshun-dot]

What needs to be done?

When launching a browser via Playwright, sandbox should be supported. It should be an optional setting, rather than being enforced by default.

What problem does this solve?

"No sandbox" removes the browser’s sandbox protections. If the browser loads a malicious page crafted by an attacker, it could allow an attacker to take control of our backend server.
Our company requires that the sandbox be enabled; otherwise, we can’t deploy to production.

Target users/beneficiaries

Enterprise developers who need to deploy online services

Current alternatives/workarounds

No action has been taken

Proposed approach

Add a no_sandbox attribute to the BrowserConfig class which is passed in when creating a new AsyncWebCrawler instance. The no_sandbox attribute controls whether the --no-sandbox flag is used in BrowserManager._build_browser_args()

[hafezparast]

This has been implemented in PR #1875.

BrowserConfig now has a no_sandbox parameter (default True for backward compatibility):

# Default — same as before (--no-sandbox is passed)
config = BrowserConfig()

# Enterprise — enable Chromium sandbox protection
config = BrowserConfig(no_sandbox=False)

When no_sandbox=False, the --no-sandbox flag is omitted from both ManagedBrowser.build_browser_flags() and BrowserManager._build_browser_args(), allowing the browser to run with full sandbox protections.

Note: Running with sandbox enabled requires proper OS-level setup (e.g., user namespaces on Linux). Make sure your deployment environment supports it before switching.

You can test the fix now:

pip install git+https://github.com/hafezparast/crawl4ai.git@feat/maysam-configurable-sandbox-1701

Would appreciate your feedback on whether this resolves your use case! @unclecode @ntohidi ready for review.