* fix: emit IPC event in correct context if isolation and sandbox enabled
IPC events were not being delivered to renderer processes when both
`contextIsolation` and `sandbox` were enabled. This is because the
`AtomSandboxedRenderFrameObserver` class was incorrectly using the
`MainWorldScriptContext`, rather than conditionally selecting the
context based on if isolation was enabled.
Fixes#11922
* fix: use Chromium's determined new site instance as candidate when navigating.
When navigating to a new address, consider using Chromium's determined site instance
for the new page as it should belong to an existing browsing instance when the
navigation was triggered by window.open().
fixes 8100.
* Revert "fix: use Chromium's determined new site instance as candidate when navigating."
This reverts commit eb95f935654a2c4d4457821297670836c10fdfd5.
* fix: delegate site instance creation back to content when sandboxed.
* fix: ensure site isolation is on
* test: adapt ut for cross-site navigation
* fix: register pending processes during a navigation.
* refactor: dont call loadURL for a window constructed from an existing webContents.
* test: add sandboxed affinity UT's.
* fix: check affinity before deciding if to force a new site instance.
* chore: adapt subsequent patch.
* refactor: constify logically const methods.
* fix: do not reuse site instances when navigation redirects cross-site.
* test: ensure localStorage accessible after x-site redirect.
* test: adapt localStorage acess denied UT for site isolation.
* fix: do not send render-view-deleted for speculative frames.
* chore: amend tests after rebase.
* test: add ut for webContents' render-view-deleted emission
* fix: introduce current-render-view-deleted for current RVH's deletions.
Revert render-view-deleted to being emitted with any RVH's deletion.
current-render-view-deleted is emitted only when the RVH being deleted
is the current one.
* refactor: style and comments fixed.
* fix: opt into location services once device service has been started
* refactor: provide fake location provider to mock geolocation reponses
* chore: add spec for navigator.geolocation api using fake location provider
Chromium commit [03563dd163][1] changed the way that the
spellcheck-enabled status was checked, defaulting to false.
Added the first (!) test for spellchecking, too.
Fixes#13608.
[1]: 03563dd163
There's an attempt to suppress the warning in `spec/static/main.js`, which
sets `process.env.ELECTRON_DISABLE_SECURITY_WARNINGS`. However, it sets the
variable too late in the boot process: by the time that line in main.js has
run, a child zygote has already been booted. `test.py` works around this by
setting that environment variable outside of the test process, to ensure that
it gets propagated to all children.
I've been running the GN tests directly with `./out/Default/electron
electron/spec`, rather than through the wrapper script, and the
`api-debugger-spec.js` tests were failing, because they depend on a particular
log message being the first one emitted, and the CSP warning was causing that
test to fail, since it wasn't being correctly suppressed.
Instead of writing another wrapper script, this just fixes the underlying thing
that the warning is complaining about, which I think is reasonable because the
test's pass/fail depends on this specific behaviour.
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values
* Test inherited default propogation
* Refactor to remove coupling from fetching values and defaults
* Test description type
* Fix up tests
* 🔧 Add security issue detection (and logs)
* 🔧 Check for it on load
* 👷 Add some tests
* 👷 Make the linter happy
* 🔧 Allow them to be enabled by force
* 📝 Make message slightly prettier
* 🔧 Fix a typo in the code comment
* 🔧 Classic mistake
* 🚀 Optimize things a bit more
* 👷 Add tests, fix tests
* 📝 Document things
* 🔧 Make linter happy
* 🔧 One more piece of cleanup
Chromium already includes the necessary plumbing to manage the
visibility properties and `visibilitychange` event so this gets rid of
most of our custom logic for `BrowserWindow` and `BrowserView`.
Note that `webview` remains unchanged and is still affected by the issues
listed below.
User facing changes:
- The `document` visibility properties and `visibilitychange` event are
now also updated/fired in response to occlusion changes on macOS. In
other words, `document.visibilityState` will now be `hidden` on macOS
if the window is occluded by another window.
- Previously, `visibilitychange` was also fired by *both* Electron and
Chromium in some cases (e.g. when hiding the window). Now it is only
fired by Chromium so you no longer get duplicate events.
- The visiblity state of `BrowserWindow`s created with `{ show: false }`
is now initially `visible` until the window is shown and hidden.
- The visibility state of `BrowserWindow`s with `backgroundThrottling`
disabled is now permanently `visible`.
This should also fix#6860 (but not for `webview`).
