* feat: Allow detection of MITM HTTPS proxies like ZScaler
For security purposes, Figma heavily restrics the origins that are
allowed to load within our Electron app. Unfortunately some corporate
environments use MITM proxies like ZScaler, which intercepts our
connection to `https://www.figma.com` and serves a redirect to e.g.
`https://gateway.zscloud.net` before finally redirecting back to
`https://www.figma.com`.
In order to detect this situation and handle it gracefully, we need to
be able to know whether or not the certificate for our own origin
(`https://www.figma.com`) is chained to a known root. We do this by
exposesing `CertVerifyResult::is_issued_by_known_root`.
If the certification verification passed without the certificate being
tied to a known root, we can safely assume that we are dealing with a
MITM proxy that has its root CA installed locally on the machine. This
means that HTTPS can't be trusted so we might as well make life easier
for corporate users by loosening our origin restrictions without any
manual steps.
* Tweak docs wording
* mac: add dialog.closeMessageBox API
* win: Implement dialog.closeMessageBox
* mac: Return cancelId with closeMessageBox
* gtk: Implement dialog.closeMessageBox
* win: Fix 32bit build
* win: Reduce the scope of lock
* fix: Build error after rebase
* feat: Use AbortSignal to close message box
* chore: silently handle duplicate ID
* win: Add more notes about the threads
* chore: apply reviews
* fix: base::NoDestructor should be warpped in function
* chore: fix style on windows
* fix: microtasks policy in CreateEnvironment
Microtasks policy should not be updated for the renderer because
`NodeBindings::CreateEnvironment` might be entered with or without
`UvRunOnce()` on stack. One of the examples of such calls is
`window.open()` which is possible to invoke while `uv_run()` is still
running (e.g. with `setImmediate()`).
All in all, it doesn't matter that much which policy we use since
`v8::MicrotasksScope` has a check for the policy in its destructor and
no commits will be made if the policy is `kExplicit`. It is important,
however, to not change the policy in the middle of `UvRunOnce()` so we
should respect whatever we currently have and move on.
Fix: #29463
* Move test to a better place
* Update spec-main/fixtures/crash-cases/setimmediate-window-open-crash/index.html
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
* Update spec-main/fixtures/crash-cases/setimmediate-window-open-crash/index.html
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
* simplify crash-case
* comment
* fix comment
Co-authored-by: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
Co-authored-by: Fedor Indutny <indutny@signal.org>
* refactor: use PathProvider for user-data-dir and others
* consolidate logic for DIR_RECENT and DIR_APP_LOGS into path provider
* fix bad include
* remove debugging code
* fix build on mac
* fix build on win
* create app logs dir on both mac and non-mac
* fix: correctly handle shifted char in accelerator
* test: use actual accelerator of NSMenuItem
* chore: simplify KeyboardCodeFromStr
* chore: GetAcceleratorTextAt is testing only
* feat: emit resize edge with will-resize event
fix: wparam type
fix: private member usage on mac
docs: will-resize event edge option
refactor: 'info' -> 'details' for better type gen
* Update docs/api/browser-window.md
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* Update docs/api/browser-window.md
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* chore: bump chromium in DEPS to 92.0.4500.2
* resolve conflicts
* update patches
* chore: cherry-pick 82434206f306 from chromium (#29060)
* fix patch
* chore: bump chromium in DEPS to 92.0.4501.0
* chore: bump chromium in DEPS to 92.0.4502.0
* chore: bump chromium in DEPS to 92.0.4503.0
* chore: update patches
* 2869869: [Code Health] Refactor ListValue::Insert in gpu compositor
https://chromium-review.googlesource.com/c/chromium/src/+/2869869
* 2877924: Separate InkDropHost from InkDropHostView
https://chromium-review.googlesource.com/c/chromium/src/+/2877924
* chore: bump chromium in DEPS to 92.0.4504.0
* update patches
* Fixup for Separate InkDropHost from InkDropHostView
https://chromium-review.googlesource.com/c/chromium/src/+/2877924
* 2873469: Compute hashes of .pak files during the build, and check it at runtime.
https://chromium-review.googlesource.com/c/chromium/src/+/2873469
* 2874397: Remove flag to disable microtasks scope consistency checks
https://chromium-review.googlesource.com/c/v8/v8/+/2874397
* 2881471: Remove unneeded trace_event.h includes in headers.
https://chromium-review.googlesource.com/c/chromium/src/+/2881471
* 2844717: [Keyboard Tooltip] Rename RWHV*::SetTooltipText to UpdateTooltipUnderCursor
https://chromium-review.googlesource.com/c/chromium/src/+/2844717
* chore: bump chromium in DEPS to 92.0.4505.0
* chore: update patches
* 2883887: Retire ScopedObserver in /chrome/browser/predictors.
https://chromium-review.googlesource.com/c/chromium/src/+/2883887
* 2883694: Retire ScopedObserver in /chrome/browser.
https://chromium-review.googlesource.com/c/chromium/src/+/2883694
* fixup after merge
* fixup: Remove flag to disable microtasks scope consistency checks
* Temporarily disable setcallhandler-test.js nan test
This test should be renabled once https://github.com/electron/electron/pull/29028 lands
* Use gin_helper::MicrotasksScope instead of v8::MicrotasksScope
* chore: bump chromium in DEPS to 92.0.4506.0
* update patches
* Revert "update patches"
This reverts commit 333ec0d4c205bd3cbee28d2bc3d068871dbb900a.
* Revert "chore: bump chromium in DEPS to 92.0.4506.0"
This reverts commit 2bd52f8cd89b173c8b15a61d74fa7539cdbf574b.
* Fixup: Use gin_helper::MicrotasksScope instead of v8::MicrotasksScope
* Fixup: Use gin_helper::MicrotasksScope instead of v8::MicrotasksScope
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
* fix: prevent crash when error occurs during event emitter CallMethod
* wip: emit error event within trycatch
* fix: handle uncaught exceptions within node on web_contents init
* fix: create gin_helper::CallMethodCatchException
* test: add web-contents create crash to test cases
* test: clean up test data for web-contents crash
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* fix: convert CatchException to WebContents static helper method
* fix: restore try_catch to callsite
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
* fix: allow Node.js to manage microtasks queue
When `uv_run()` resulted in invocation of JS functions the microtask
queue checkpoint in Node's CallbackScope was a no-op because the
expected microtask queue policy was `kExplicit` and Electron ran under
`kScoped` policy. This change switches policy to `kExplicit` right
before `uv_run()` and reverts it back to original value after `uv_run()`
completes to provide better compatibility with Node.
* add comment
* fix: invoke the window open handler for _blank links
* feat: add disposition to setWindowOpenHandler details
* fix: pass postData to new-window event
* postData can be heterogeneous
* fix type of postBody
* fix type of UploadFile and UploadRawData to be discriminated unions
* exclude the empty string from additionalFeatures
* add a test
* add postBody and referrer to setWindowOpenHandler args
* appease typescript
* Update api-browser-window-spec.ts
* update snapshots
* refactor: clean up webFrame implementation to use gin wrappers
The previous implementation of webFrame in the renderer process leaked
sub-frame contexts and global objects across the context boundaries thus
making it possible for apps to either maliciously or accidentally
violate the contextIsolation boundary.
This re-implementation binds all methods in native code directly to
content::RenderFrame instances instead of relying on JS to provide a
"window" with every method request. This is much more consistent with
the rest of the Electron codebase and is substantially safer.
* chore: un-re-order for ease of review
* chore: pass isolate around instead of ErrorThrower
* chore: fix rebase typo
* chore: remove unused variables
* fix: do not throw if NativeImage conversion fails.
Throwing is an unannounced semver/major breaking change, so revert that
behavior but keep the rest of the #26546 refactor.
* test: add invalid icon test
* refactor: be explicit about when to throw or warn.
* chore: bump chromium in DEPS to 1d6b29cd85c1c3cba093b8b69b2727cc26eaac97
* update patches
* chore: use 'libvulkan.so.1' in the linux manifests
CL: https://chromium-review.googlesource.com/c/angle/angle/+/2538430
Upstream renamed libvulkan.so to libvulkan.so.1, so sync our manifests.
* chore: update expected window-open default policy.
CL: https://chromium-review.googlesource.com/c/chromium/src/+/2429247
Upstream CL contiues the work to make `strict-origin-when-cross-origin`
the default referrer policy. This commit changes our window-open tests
to expect that policy over the previous `no-referrer-when-downgrade`.
* chore: bump chromium in DEPS to 69cb7c65ad845cdab1cd5f4256237e72fceba2dd
* chore: re-export chromium patches
No code changes; just line numbers. `git am` failed because the upstream
changes were just large enough to require patching to fail w/o fuzzing.
The broken patch was
patches/chromium/feat_allow_disabling_blink_scheduler_throttling_per_renderview.patch
* update patches
* chore: bump chromium in DEPS to c6d97a240d30e5f5166856f5ae6ee14d95b9a4f0
* update patches
* fixup! chore: update expected window-open default policy.
* chore: disallow copying CppHeapCreateParams
Experimental commit to resolve FTBS https://ci.appveyor.com/project/electron-bot/electron-ljo26/builds/36405680#L25345
which introduces a new struct CppHeapCreateParams that aggregates a
vector of unique_ptrs. Our Windows CI is unhappy that this struct
implicitly deletes its copy ctor, so this commit makes it explicit.
Xref: https://chromium-review.googlesource.com/c/v8/v8/+/2536642
* update patches
* chore: bump chromium in DEPS to 0df9a85ffa0ad4711b41a089842e40b87ba88055
* update patches
* fixup! chore: bump chromium to ac06d6903a2c981ab90a8162f1ba0 (master) (#26499)
* chore: update calls to gfx::RemoveAcceleratorChar.
The call signature for gfx::RemoveAccelerator changed in
https://chromium-review.googlesource.com/c/chromium/src/+/2546471 .
This commit updates use to match that.
* chore: bump chromium in DEPS to 43d6c496251e08d3781bfadbe9727688551f74a9
* update patches
* chore: bump chromium in DEPS to 1fb5c9825be4e2271c4fef0e802f5d970b32f62f
* update patches
* chore: bump chromium in DEPS to 8a1f078d67825e727a598b89a8924699df8d3850
* chore: bump chromium in DEPS to 28ff715b3a97d8cedc143bad671edb08b6de5fc2
* chore: update patches
* Remove most service manifest remnants from Content
https://chromium-review.googlesource.com/c/chromium/src/+/2296482
* Reland "Portals: Fix a11y for orphaned portals"
https://chromium-review.googlesource.com/c/chromium/src/+/2542812
* Convert CallbackList::Subscription to a standalone class.
https://chromium-review.googlesource.com/c/chromium/src/+/2522860
* fix: actually apply the zlib patch
* chore: bump chromium in DEPS to 75b464e6357190ca302ba9ce8f8c2bf5a3b709ae
* chore: update patches
* chore: bump chromium@b884b9b2f647c59a75f5d2055030afa33d50ca10
* chore: bump chromium in DEPS to 829261dadcefdc54ce5fdf7c5fac2929786a63ce
* chore: bump chromium in DEPS to 5df3e69605c7c0130374aaccb91fc4726a558db2
* chore: bump chromium in DEPS to 22db748d5b7b90f87e6e97ef4c92a727ac753ea4
* chore: bump chromium in DEPS to 1475df80282b7eeeb0e153d8375bfe651f083bf8
* chore: bump chromium in DEPS to 6d34fe9e9b7386edd90574617bfa4008de972d72
* chore: update patches
* Disable CertVerifierService for now
2559260: Enable CertVerifierService by default | https://chromium-review.googlesource.com/c/chromium/src/+/2559260
* Remove force_ignore_site_for_cookies until we figure out what to do instead
2499162: Remove |force_ignore_site_for_cookies| from IPCs (e.g. ResourceRequest). | https://chromium-review.googlesource.com/c/chromium/src/+/2499162
* chore: bump chromium in DEPS to 95aeb1c59ebc03d19ba077b0cd707463d1b2865e
* update patches
* Set site_for_cookies to request url so that URLLoader::ShouldForceIgnoreSiteForCookies returns true
* 2490383: a11y inspect reorg: implement accessible tree formatter factory
https://chromium-review.googlesource.com/c/chromium/src/+/2490383
* 2485887: [Extensions][web_accessible_resources] Use |matches|.
https://chromium-review.googlesource.com/c/chromium/src/+/2485887
* update v8 headers
* chore: bump chromium in DEPS to 38587dc379a8cf4d4a13e482a6e89f2fe681144e
* update patches
* 2555005: [api] Simplify ScriptOrigin
https://chromium-review.googlesource.com/c/v8/v8/+/2555005
* 2563553: Remove Flash from PermissionRequestTypes and PermissionTypes.
https://chromium-review.googlesource.com/c/chromium/src/+/2563553
* 2546146: Remove browser-hosted InterfaceProvider
https://chromium-review.googlesource.com/c/chromium/src/+/2546146
* Actually apply nan patch
* update patches
* chore: bump chromium in DEPS to 6718d4b50c9db975c5642ca5b68e8dc7ee1b7615
* update patches
* 2546146: Remove browser-hosted InterfaceProvider
https://chromium-review.googlesource.com/c/chromium/src/+/2546146
* chore: bump chromium in DEPS to 338cc300e3fe3a4cb4883e9ccdc34a32f3dfe034
* chore: bump chromium in DEPS to d9baeb1d192c23ceb1e1c4bbe6af98380b263bc1
* chore: bump chromium in DEPS to 3ca3051932683739b304e721cc394b6c66f841fe
* chore: bump chromium in DEPS to 89292a4ae29096e5313aaf19dfa0c4710145c34d
* 2571639: mac: Remove code to support OS X 10.10 in //sandbox
https://chromium-review.googlesource.com/c/chromium/src/+/2571639
* Fixup patch indices
* Do not build MTLManagedObjectAdapter
It's been removed in newer Mantle versions and uses a deprecated enum
* update patches
* Remove sendToAll
https://github.com/electron/electron/pull/26771
* 2569367: Remove dead fullscreen code in RenderWidgetHostView and friends
https://chromium-review.googlesource.com/c/chromium/src/+/2569367
* Remove deprecated performFileOperation usage
* 2568359: mac: Ignore Wdeprecated-declarations for LSSharedFileList* functions.
https://chromium-review.googlesource.com/c/chromium/src/+/2568359
* 2561401: Add OutputPresenterX11 which uses X11 present extension.
https://chromium-review.googlesource.com/c/chromium/src/+/2561401
* 2565511: [objects] Remove MakeExternal case for uncached internal strings
https://chromium-review.googlesource.com/c/v8/v8/+/2565511
* fixup: Add disconnect logic to ElectronBrowserHandlerImpl
* Allow local networking override for ATS
https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html
* Refactor: clean up rfh getters in ElectronBrowserHandlerImpl
* Update patches
* Remove unneeded BindTo
* Don't assign ElectronBrowserHandlerImpl at all
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
