We now create a new instance of atom::api::DesktopCapturer for every
request instead of weirdly re-using the same instance and queuing
requests. This means there is now a 1:1 relationship between request
and DesktopCapturer so there isn't a race condition between the observer
for one request calling back before the observer of another. This is an
issue ever since the backing APIs moved to worker threads.
This also does a few things to ensure memory management
* Only ever listen to one event per-request, after that we wipe the emit
function to ignore all future events
* Ensures we clean up the window_capturer_, screen_capturer_ and
captured_sources_ in native land once the request is over.
This _in theory_ fixes a flake we've been seeing on CI where we try to
resolve the promise for a request that no longerr exists.
* fix: add boringssl backport to support node upgrade
* fix: Update node_includes.h, add DCHECK macros
* fix: Update node Debug Options parser usage
* fix: Fix asar setup
* fix: using v8Util in isolated context
* fix: make "process" available in preload scripts
* fix: use proper options parser and remove setting of _breakFirstLine
_breakFirstLine was being set on the process, but that has changed in node 12 and so is no longer needed. Node will handle it properly when --inspect-brk is provided
* chore: update node dep sha
* fix: process.binding => _linkedBinding in sandboxed isolated preload
* fix: make original-fs work with streams
* build: override node module version
* fix: use _linkedBinding in content_script/init.js
* chore: update node ref in DEPS
* build: node_module_version should be 73
* spec: clean up after a failed window count assertion
Previously when this assertion failed all tests that ran after the
failed assertion also failed. This ensure that the assertion fails for
the test that actually caused the issue but cleans up the left-over
windows so that future tests do not fail.
* fix: maintain a ref count for objects sent over remote
Previously there was a race condition where a GC could occur in the
renderer process between the main process sending a meta.id and the
renderer pulling the proxy out its weakmap to stop it being GC'ed.
This fixes that race condition by maintaining a "sent" ref count in the
object registry and a "received" ref count in the object cache on the
renderer side. The deref request now sends the number of refs the
renderer thinks it owns, if the number does not match the value in the
object registry it is assumed that there is an IPC message containing a
new reference in flight and this race condition was hit.
The browser side ref count is then reduced and we wait for the new deref
message. This guaruntees that an object will only be removed from the
registry if every reference we sent has been guarunteed to be unreffed.
By default the Chromedriver will send remote-debugging-port=0 to let the
browser choose a free port to listen on. The chosen port is written to
a known file in the user data dir that is passed to the app through the
CLI.
This PR does two things.
1. Correctly passes the USER_DATA_DIR to the remote debugging server so
it knows where to write the file
2. Adds support for --user-data-dir as we did not support that CLI
argument and Chromedriver relies on being able to tell the "browser"
where to write this file.
Fixes#17354
* refactor: use mojo for electron internal IPC
* add sender_id, drop MessageSync
* remove usages of AtomFrameMsg_Message
* iwyu
* first draft of renderer->browser direction
* refactor to reuse a single ipc interface
* implement TakeHeapSnapshot through mojo
* the rest of the owl^WtakeHeapSnapshot mojofication
* remove no-op overrides in AtomRendererClient
* delete renderer-side ElectronApiServiceImpl when its pipe is destroyed
* looks like we don't need to overlay the renderer manifest after all
* don't try to send 2 replies to a sync rpc
* undo changes to manifests.cc
* unify sandboxed + unsandboxed ipc events
* lint
* register ElectronBrowser mojo service on devtools WebContents
* fix takeHeapSnapshopt failure paths
* {electron_api => atom}::mojom
* add send_to_all to ElectronRenderer::Message
* keep interface alive until callback is called
* review comments
* use GetContext from RendererClientBase
* robustify a test that uses window.open
* MessageSync posts a task to put sync messages in the same queue as async ones
* add v8::MicrotasksScope and node::CallbackScope
* iwyu
* use weakptr to api::WebContents instead of Unretained
* make MessageSync an asynchronous message & use non-associated interface
* iwyu + comments
* remove unused WeakPtrFactory
* inline OnRendererMessage[Sync]
* cleanups & comments
* use helper methods instead of inline lambdas
* remove unneeded async in test
* add mojo to manifests deps
* add gn check for //electron/manifests and mojo
* don't register renderer side service until preload has been run
* update gn check targets list
* move interface registration back to RenderFrameCreated
* fix: match net module headers & http.IncomingMessage headers
* update net doc for cleanliness
* address feedback from review
* Update spec/api-net-spec.js
Co-Authored-By: codebytere <codebytere@github.com>
* add special cookie case
* fix: ensure dots in content script patterns aren't used as wildcards
* chore: sanitise all regexp special chars
* chore: extract to helper
* chore: fixup helper
* Execute content script in isolated world
* Inject script into newly created extension worlds
* Create new content_script_bundle for extension scripts
* Initialize chrome API in content script bundle
* Define Chrome extension isolated world ID range
1 << 20 was chosen as it provides a sufficiently large range of IDs for extensions, but also provides a large enough buffer for any user worlds in [1000, 1 << 20).
Ultimately this range can be changed if any user application raises it as an issue.
* Insert content script CSS into document
This now avoids a script wrapper to inject the style sheet. This closely matches the code used by chromium in `ScriptInjection::InjectCss`.
* Pass extension ID to isolated world via v8 private
* feat: add support for content scripts 'all_frames' option
* merged content script tests
'all_frames' test now runs on all variants of sandbox/contentIsolation configurations :D
* refactor: load electron builtin modules with process._linkedBinding
NODE_BUILTING_MODULE_CONTEXT_AWARE and process.binding are
removed in https://github.com/nodejs/node/pull/25829. This changes
uses the alternative available without any functionality change.
* chore: roll node
* Add content script injector to sandboxed renderer
* Fix 'getRenderProcessPreferences' binding to the wrong object
* Pass getRenderProcessPreferences to content-scripts-injector
* Emit document-start and document-end events in sandboxed renderer
* Use GetContext from RendererClientBase
* Prevent script context crash caused by lazily initialization
* Remove frame filtering logic for onExit callback
Since we're keeping track of which frames we've injected the bundle into, this logic is redundant.
* Add initial content script tests
* Add contextIsolation variants to content script tests
* Add set include
* Fix already loaded extension error
* Add tests for content scripts 'run_at' options
* Catch script injection eval error when CSP forbids it
This can occur in a rendered sandbox when a CSP is enabled. We'll need to switch to using isolated worlds to fix this.
* Fix content script tests not properly cleaning up extensions
* Fix lint and type errors
`powerMonitor.querySystemIdleState` and `powerMonitor.querySystemIdleTime` had async backing APIs in chromium (https://chromium-review.googlesource.com/c/chromium/src/+/1379183). However, that has changed in ch73. So, this PR deprecates the old async APIs and adds new sync APIs.
* refactor: Port inspector to TypeScript
* refactor: Add another type to inspector
* refactor: Use correct paths
* Update lib/renderer/inspector.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Implement feedback <3
* refactor: Don't define blob at all
* fix: Correct type
* refactor: Port renderer/init to TypeScript
* Update lib/renderer/init.ts
Co-Authored-By: felixrieseberg <felix@felixrieseberg.com>
* refactor: Type this a bit more loosely
* refactor: Type parseOption strictly
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
* chore: make aliasify work on .ts files as well
* refactor: Port ipc-renderer-internal to TypeScript
* refactor: Correctly import internal ipcRenderer
* refactor: One more rename
* refactor: Fix one more lint issue
* refactor: Correctly reference ipcRendererInternal
* chore: refactor browser IPC into typescript
* chore: refactor app.ts into Typescript
* Refactors app.dock into cpp
* Removes app.launcher which has not existed for 3 years
* Removes 2 deprecated APIs (that have been deprecated for more than one
major)
* Refactors deprecate.ts as well
* feat: promisify webContents.savePage()
* no need to make compatible w callbacks, we're breaking it
* fix promise resolve type
* address feedback from review
* fix promise return text
* update smoke test
* refactor: Port window-setup to TS
* refactor: Make the linter happy
* refactor: Sneaky little TS error
* refactor: Correctly import window-setup
* refactor: Implement feedback <3
* refactor: Allow decorators in TS
* refactor: Use named windowSetup in isolatedRenderer
* refactor: Help TS understand
* refactor: Welp, use createEvent again
* refactor: Use the correct target in the decorator
* fix: pass result to chrome.tabs.executeScript callback
Additionally, remove `nextId` counter in favor of `originResultID` counter which is more widely used in this file.
* fix: remove need for eslint override and better match style
* chore: Add new webFrame IsolatedWorldInfo API and deprecate
* Flag deprecated methods in documentation
* address comments
* Address review comments
* remove unused variable
* Update based on review
* fix: do not create native api::WebFrame in webFrame
When reloading a page without restarting renderer process (for example
sandbox mode), the blink::WebFrame is not destroyed, but api::WebFrame
is always recreated for the new page context. This leaves a leak of
api::WebFrame.
* fix: remove spell checker when page context is released
This PR better preserves existing behavior in `deprecate.promisify()` in the cases where the promise fails. Previously, if a callback was only called with `data` instead of `err, data` and the promise was rejected, `data` would be populated with `err`, which could be confusing to users. This makes it such that `err` is called back on promise rejection if a callback is called with `err, data` a la Node.js.
* feat: promisify the Cookie API
* chore: update specs to test promisified cookies
* chore: add deprecate wrapper for cookie callback API
* docs: update docs to cookie promise changes
* chore: remove redundant namespace use
* docs: improve cookie example
* docs: restore docs for cookie callback API
* chore: restore cookie callback tests
* fix: syntax of cookie promise return types
* feat: add support for node / preloads in subframes
This feature has delibrately been built / implemented in such a way
that it has minimum impact on existing apps / code-paths.
Without enabling the new "nodeSupportInSubFrames" option basically none of this
new code will be hit.
The things that I believe need extra scrutiny are:
* Introduction of `event.reply` for IPC events and usage of `event.reply` instead of `event.sender.send()`
* Usage of `node::FreeEnvironment(env)` when the new option is enabled in order to avoid memory leaks. I have tested this quite a bit and haven't managed to cause a crash but it is still feature flagged behind the "nodeSupportInSubFrames" flag to avoid potential impact.
Closes#10569Closes#10401Closes#11868Closes#12505Closes#14035
* feat: add support preloads in subframes for sandboxed renderers
* spec: add tests for new nodeSupportInSubFrames option
* spec: fix specs for .reply and ._replyInternal for internal messages
* chore: revert change to use flag instead of environment set size
* chore: clean up subframe impl
* chore: apply suggestions from code review
Co-Authored-By: MarshallOfSound <samuel.r.attard@gmail.com>
* chore: clean up reply usage
* chore: fix TS docs generation
* chore: cleanup after rebase
* chore: rename wrap to add in event fns
Unify the behavior between default app and packaged apps:
- create default application menu unless the app has one
- default window-all-closed handling unless the app handles the event
* fix: use Chromium's determined new site instance as candidate when navigating.
When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().
fixes 8100.
* Revert "fix: use Chromium's determined new site instance as candidate when navigating."
This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.
* fix: delegate site instance creation back to content when sandboxed.
* fix: ensure site isolation is on
* test: adapt ut for cross-site navigation
* fix: register pending processes during a navigation.
* refactor: dont call loadURL for a window constructed from an existing webContents.
* test: add sandboxed affinity UT's.
* fix: check affinity before deciding if to force a new site instance.
* chore: adapt subsequent patch.
* refactor: constify logically const methods.
* fix: do not reuse site instances when navigation redirects cross-site.
* test: ensure localStorage accessible after x-site redirect.
* test: adapt localStorage acess denied UT for site isolation.
* fix: do not send render-view-deleted for speculative frames.
* chore: amend tests after rebase.
* test: add ut for webContents' render-view-deleted emission
* fix: introduce current-render-view-deleted for current RVH's deletions.
Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.
* refactor: style and comments fixed.