* fix: run toast creation on background thread
notes: attempts to fix app freeze when triggering notifications and the COM server in WindowsShellExperienceHost hangs
Co-authored-by: Jan Hannemann <jan.hannemann@outlook.com>
* fix: comments
Co-authored-by: Jan Hannemann <jan.hannemann@outlook.com>
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Jan Hannemann <jan.hannemann@outlook.com>
This should fix the oom errors
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
chore: bump chromium to 144.0.7527.0 40-x-y
* chore: bump chromium in DEPS to 144.0.7527.0
* 7106405: [video pip] Fix gesture handling issues
https://chromium-review.googlesource.com/c/chromium/src/+/7106405
* 7130938: Reland "Remove some dependencies from the custom_handlers component"
https://chromium-review.googlesource.com/c/chromium/src/+/7130938
* 7139361: Rename PluginService's GetPlugins methods
https://chromium-review.googlesource.com/c/chromium/src/+/7139361
* chore: fixup patch indices
* test: fix macos webgl test | 7128438: Reland "Flip SwiftShader deprecation to launched." | https://chromium-review.googlesource.com/c/chromium/src/+/7128438
* test: update webgl test to skip on fallback adapters
* Fixup spec runner to properly fail on linux when tests fail
* test: fixup dbus tests
* test: convert shared-texture-spec from old done callback to async
Fixes Error: done() called multiple times in test <sharedTexture module import shared texture produced by osr successfully imported and rendered with subtle api> of file /__w/electron/electron/src/electron/spec/api-shared-texture-spec.ts
* test: fixup shared texture spec
* Revert "test: fixup dbus tests"
This reverts commit 3e2e720003.
* test: fixup dbus tests
* test: disable context menu spellcheck tests on linux
https://github.com/electron/electron/pull/48657 broke those tests
* disable sharedTexture tests on platforms other than macOS arm64
They were not working on other platforms previously but now they error out.
Also removed extraneous debugging.
* fix: use github.sha for yarn cache key to avoid hashFiles() composite action bug
* Use --immutable-cache to allow native module builds
* fix: wait for devtools blur event in focus test to avoid race condition
* fix: wait for devtools blur event in focus test to avoid race condition
* fix allow native module builds in spec workspace
* test:rebuild native modules
* Revert "fix allow native module builds in spec workspace"
This reverts commit ffda3be98c.
* Revert "Use --immutable-cache to allow native module builds"
This reverts commit 2e6eea4348.
* Revert "fix: use github.sha for yarn cache key to avoid hashFiles() composite action bug"
This reverts commit 33560ba0de.
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
In 6399527761 we changed the path strings
that `node_modules.cc` operates on from single-byte to wide strings.
Unfortunately this means that `generic_path()` that the
"fix: ensure TraverseParent bails on resource path exit" patch was
calling was no longer a safe method to call on Windows if the underlying
string has unicode characters in it.
Here we fix it by using `ConvertGenericPathToUTF8` from the Node.js
internal utilities.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Fedor Indutny <indutny@signal.org>
* docs: explain how to load SF Symbols with `nativeImage`
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
* fix: use single quotes
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
* fix: use single quotes
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
Make setFocusable only deactivate a window if focusable is false. Do not deactivate a window when setting focusable to true.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: vulture <isu@vulture.fm>
* docs(timelines): Correct v40.0.0 stable release date
On the Electron Timelines tutorial page (/docs/latest/tutorial/electron-timelines), there is a clear typo in the release schedule for v40.0.0.
The table currently lists the dates as:
* Alpha: 2025-Oct-30
* Beta: 2025-Dec-03
* **Stable: 2025-Oct-28**
This is logically incorrect, as the 'Stable' release date (Oct 28) is listed *before* both the 'Alpha' (Oct 30) and 'Beta' (Dec 03) dates for the same version.
This appears to be a copy-paste error, as the 'Stable' date (2025-Oct-28) is identical to the 'Stable' date for the v39.0.0 release in the preceding row.
This commit updates the 'Stable' date for v40.0.0 to its correct value, ensuring the timeline is accurate and logical.
Co-authored-by: 정승규 <43807509+jsk41755@users.noreply.github.com>
* docs: Update v40.0.0 stable date to 2026-Jan-13 based on Chromium schedule
Co-authored-by: 정승규 <43807509+jsk41755@users.noreply.github.com>
---------
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: 정승규 <43807509+jsk41755@users.noreply.github.com>
trap handlers will be initialized once the user script starts
but before app#ready. Wasm compilation before that phase will
break trap handler registeration due to the check in
v8::internal::wasm::UpdateComputedInformation. For some reason
this issue was only visible in <= 39-x-y when pdf-reader.mjs
was being loaded, maybe some module loading logic changed in >= 40-x-y
which are based on Node.js v24.x. In either case, it is best to
align the loading of wasm module required for the tests in light
of changes to how we are registering the trap handlers for the
main process.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
fix: fix the issue where the parent window remained interactive after the modal window was opened in somecases.
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Bill Shen <15865969+cucbin@users.noreply.github.com>
The install process spawn was not capturing its own signal variable,
causing the error check to incorrectly reference the build signal
instead. This could lead to:
- Install termination by signal going undetected
- False positive errors when build was killed but install succeeded
This commit ensures the install signal is properly captured and
checked, matching the pattern used for the build process.
`bringToFront` DevTools message is sent when breakpoint is triggered
or inspect is called and Chromium upon this message activates DevTools
via `DevToolsUIBindings::Delegate::ActivateWindow`:
```
void DevToolsWindow::ActivateWindow() {
if (life_stage_ != kLoadCompleted)
return;
\#if BUILDFLAG(IS_ANDROID)
NOTIMPLEMENTED();
\#else
if (is_docked_ && GetInspectedBrowserWindow())
main_web_contents_->Focus();
else if (!is_docked_ && browser_ && !browser_->window()->IsActive())
browser_->window()->Activate();
\#endif
}
```
which implements: `DevToolsUIBindings::Delegate::ActivateWindow`.
Electron also implements this interface in:
`electron::InspectableWebContents`. However it was only setting
a zoom level, therefore this commit extends it with activation
of the DevTools.
Only supported for DevTools manged by `electron::InspectableWebContents`.
Closes: #37388
If either `npm_config_electron_use_remote_checksums` or
`electron_use_remote_checksums` are set as environment variables, then
force Electron to verify with remote checksums instead of embedded ones.
Fixes#48594.
* docs: security.md mark 'Enable process sandboxing' as active by default since electron 20
* Adjusted according to feedback
* Updated according to feedback - adjusted sandbox.md
* formatting
* Fixed broken markup
* Implemented docs linting suggestions
* docs: docs/tutorial/sandbox.md - fixed typo
Co-authored-by: Erick Zhao <erick@hotmail.ca>
* docs: web-preferences.md - sandbox: mention default value and relation to nodeIntegration
---------
Co-authored-by: Erick Zhao <erick@hotmail.ca>
* chore: bump nan to 2.23.0
* Fix C++ flags passed to C compiler in NAN spec runner
Passing C++-specific flags to the C compiler caused failures building native test modules.
NAN uprgaded the version of node-gyp it uses, triggering a new codepath with the C compiler that didn't occur before. In that new branch, the C++ flags present in the CFLAGS environment variable we were passing in caused the C compiler to error out:
```
error: invalid argument '-std=c++20' not allowed with 'C'
```
The fix is to only pass C++-specific flags to the C++ compiler, and not the C compiler. This is done by separating out the CFLAGS and CXXFLAGS environment variables in our nan-spec-runner.js script.
I'm curious to know more about why each of these flags are necessary, but for now this change restores the previous behavior where native test modules could be built successfully.
* test: use v8 version check instead of node version check (patch)
* Re-enable `methodswithdata-test`
* chore: bump chromium in DEPS to 143.0.7485.0
* chore: update allow_disabling_blink_scheduler_throttling_per_renderview.patch
Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
Patch applied manually due to context shear
* Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
* chore: e patches all
* chore: check for file existence before setting utime
* chore: stop disabling kWinDelaySpellcheckServiceInit
[cleanup] Remove feature WinDelaySpellcheckServiceInit | https://chromium-review.googlesource.com/c/chromium/src/+/7012087
This flag has been removed upstream. We've used it since c2d7164 (#38248)
to fix a crash originally described in 97b353a (#34993):
> Delaying spell check initialization is causing specs for
> 'custom dictionary word list API' to fail in Electron.
Since we haven't touched this in a few years, and since there's a
clear success criteria (a passing/failing spec), and since the patch
to restore this flag would be pretty large (~750 lines), I'm going
to try just removing the flag from our source to see if the spec
passes or fails.
* Revert "chore: stop disabling kWinDelaySpellcheckServiceInit"
This reverts commit e688880396.
Unfortunately, the crash persists.
* Revert [cleanup] Remove feature WinDelaySpellcheckServiceInit | https://chromium-review.googlesource.com/c/chromium/src/+/7012087
We currently need this feature
* fixup! chore: check for file existence before setting utime
* fixup! Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
Address Robo's code review @ 64c7fd21ed
* fixup! fixup! chore: check for file existence before setting utime
fix: oops typo
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
* fix: Enable shader-f16 on Windows
* fix: include dxil.dll and dxcompiler.dll for windows x64 and arm64
* fix: modified to follow the chromium dawn build configuration
* fix: include dxil.dll and dxcompiler.dll for windows x86
* fix: Modified to avoid explicitly specifying dawn_use_built_dxc
We logged a fatal error but didn't exit with code 1 so the publish kept going. This was caught by a sanity check later down the release process but would have been quicker to fail out here.
Also adds some code to maybe workaround the underlying auth error
fix: fix launch crash when null device is disabled on Windows
add node flag node::ProcessInitializationFlags::kNoStdioInitialization
Co-authored-by: yangzuohui <yangzuohui@bytedance.com>
Co-authored-by: yangliu <yangliu.leo@bytedance.com>
* fix: wrong api call
* fix: consistency of the resize state
* fix: edge cases
* chore: add detailed comments
* fix: lint
* chore: only windows
* chore: use transparent
Dynamic ESM import in non-context-isolated preload
Extend `HostImportModuleWithPhaseDynamically`'s routing to support
Node.js import resolution in non-context-isolated preloads through
`v8_host_defined_options` length check. The length of host defined
options is distinct between Blink and Node.js and we can use it to
determine which resolver to use.
* build: update build tools to get proper exit codes from e build
xref: https://github.com/electron/build-tools/pull/759
* build: target zips directly
mksnapshot and chromedriver have issues with siso trying to run a separate build and zip step, so just target the zip target
* build: don't unzip chromedriver and mksnapshot in tests
The contents of these files are not used in testing, so we shouldn't unzip them.
perf: two minor perf refactors in InvokeIpcCallback()
1. Allocate the CallbackScope on the stack instead of the heap
2. Skip a redundant call to node::Environment::GetCurrent()
* docs: mention that webUtils should be used via preload script
* docs: suppress lint errors
* docs: clarify webUtils usage scope
* docs: exclude potentially dangerous alert() in the example code
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: make linter happy
* docs: apply suggestion
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* docs: apply suggestion
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* docs: apply suggestion
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* docs: minor change
* docs: minor change
* docs: remove preload line
---------
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* refactor: make api::Clipboard::GetClipboardBuffer() private
* refactor: move GetClipboadBuffer() into anonymous namespace
* refactor: use gin::Arguments in StopRecording()
* refactor: use gin::Arguments in ImageView::New()
* refactor: use gin::Arguments in AppendSwitch()
* refactor: use gin::Arguments WebContentsView::New()
* refactor: make gin::Arguments arg const in WrappableBase::InitWithArgs()
This makes explicit that we are using it for wrapper + isolate, not the args values
* refactor: remove gin_helper::Arguments arg from ExposeAPI()
refactor: remove gin_helper::Arguments arg from ExposeAPIInWorld()
* refactor: remove gin_helper::Arguments arg from ElectronBindings::GetSystemMemoryInfo()
* refactor: remove gin_helper::Arguments arg from preload_utils::GetBinding()
* refactor: use gin::Arguments in OpenExternal()
* refactor: use gin::Arguments in ExecuteInWorld()
* refactor: use gin::Arguments in ExecuteJavaScript()
* refactor: use gin::Arguments in InvokeNew()
* refactor: use gin::Arguments in ExecuteJavaScriptInIsolatedWorld()
* refactor: remove unused GetNextArgument() marshaller for gin_helper::Arguments
* refactor: remove unused #include gin_helper/arguments.h
* chore: remove unused gin_helper::Arguments
* fixup! refactor: use gin::Arguments in ExecuteJavaScriptInIsolatedWorld()
Xref: https://github.com/electron/electron/pull/48447
We overriden the `GetPackageJSON` in Node.js to let us read files
straight from the ASAR file instead of disk. The override works by
providing a JS method with the limitation that it should not throw a
runtime error. However, this invariant was accidentally violated by
`asar.splitPath` that sometimes contrary to its' TypeScript definition
returned `false`.
fix: macOS stop overriding private cornerMask API to fix WindowServer GPU load spike
Electron fetched a custom `_cornerMask` for `ElectronNSWindow` to smooth
vibrancy corners. On macOS 15 (Tahoe) that private hook forces the window
shadow to be rendered from a fully transparent surface, causing the
WindowServer GPU load regression. Remove the `cornerMask` property and
the `_cornerMask` override so we stay on Apple’s default shadow path.
* refactor: make api::Menu inherit from gin::Wrappable*
* refactor: make api::Menu::kWrapperInfo const
* refactor: use three-arg version of GetConstructor in Menu
refactor: undo branch changes to two-arg version of GetConstructor
* fixup! refactor: make api::Menu inherit from gin::Wrappable*
fix: return type of Menu::New
* fixup! refactor: make api::Menu inherit from gin::Wrappable*
make MenuMac's constructor public so that cppgc can use it
* refactor: Pinnable -> SelfKeepAlive
* refactor: use gin::Arguments::ThrowTypeError() in AutoUpdater::SetFeedURL()
* refactor: use gin::Arguments::ThrowTypeError() in Browser::Focus()
* refactor: use gin::Arguments::ThrowTypeError() in SystemPreferences::SetUserDefault()
* refactor: use gin::Arguments::ThrowTypeError() in UtilityProcessWrapper::Create()
* refactor: use gin::Arguments::ThrowTypeError() in UtilityProcessWrapper::PostMessage()
* refactor: use gin::Arguments::ThrowTypeError() in ElectronBundleMover::ShouldContinueMove()
* refactor: use gin::Arguments::ThrowTypeError() in OnClientCertificateSelected()
* refactor: use gin::Arguments::ThrowTypeError() in Session::ClearData()
* refactor: use gin::Arguments::ThrowTypeError() in ElectronBrowserContext::DisplayMediaDeviceChosen()
* refactor: use gin::Arguments::ThrowTypeError() in WebContents::ReplaceMisspelling()
* refactor: use gin::Arguments::ThrowTypeError() in WebContents::Print()
* chore: iwyu shell/common/gin_helper/error_thrower.h
* test: rerun failed tests individually
* ci: use screencapture-nag-remover
Needed to bypass the popup message "bash" is requesting to bypass the system private window picker and directly access your screen and audio.
* Revert "chore: test with 1st quadrant of the window"
No longer needed because of the addition of the
screencapture-nag-remover script.
This reverts commit f4a7e04c0b.
* test: fixup navigationHistory flake
* rerun test up to 3 times
* refactor: make api::Clipboard::GetClipboardBuffer() private
* refactor: move GetClipboadBuffer() into anonymous namespace
* refactor: use gin::Arguments in BaseWindow::MoveAbove()
refactor: use gin::Arguments in BaseWindow::SetAlwaysOnTop()
refactor: use gin::Arguments in BaseWindow::SetIgnoreMouseEvent()
* refactor: use gin::Arguments in BaseWindow::SetProgresBar()
* refactor: use gin::Arguments in BaseWindow::SetVisibleOnAllWorkspaces()
* refactor: use gin::Arguments in BaseWindow::SetVibrancy()
* refactor: use gin::Arguments in BaseWindow::SetAspectRatio()
* refactor: use gin::Arguments in BaseWindow::PreviewFile()
* refactor: use gin::Arguments in BaseWindow::SetThumbarButtons()
* refactor: use gin::Arguments in BaseWindow::SetBounds()
* refactor: use gin::Arguments in BaseWindow::SetContentBounds()
* refactor: use gin::Arguments in BaseWindow::SetSize()
* refactor: use gin::Arguments in BaseWindow::SetContentSize()
* refactor: use gin::Arguments in BaseWindow::SetSheetOffset()
* refactor: use gin::Arguments in BaseWindow::SetPosition()
* refactor: use gin::Arguments in BaseWindow::AddTabbedWindow()
* refactor: use gin::Arguments in BaseWindow::SetParentWindow()
* refactor: use gin::Arguments in BaseWindow::BaseWindow()
* refactor: use gin::Arguments in BaseWindow::SetAccentColor()
* refactor: use gin::Arguments in BaseWindow::SetTitleBarOverlay()
* refactor: narrow App:SetJumpList() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow WebContents::AddWorkSpace() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow ShowMessageBox() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow ShowOpenDialog() arg from gin::Arguments* to v8::Isolate*
* refactor: remove unused gin::Arguments* arg from OverrideGlobalPropertyFromIsolatedWorld()
* refactor: narrow WebContents::StartDrag() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow NetLog::StopLogging() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow Protocol::IsProtocolHandled() arg from gin::Arguments* to v8::Isolate*
* refactor: remove unused isolate arg from Debugger ctor
* refactor: make Debugger ctor, dtor public
needed for cppgc::MakeGarbageCollected()
This is what upstream does, e.g. https://chromium-review.googlesource.com/c/chromium/src/+/6722236
* fixup! refactor: remove unused isolate arg from Debugger ctor
mark Debugger ctor as explicit
* refactor: in EventEmitterMixin, handle both old and new WrapperInfo types
* refactor: make electron::api::Debugger inherit from gin::Wrappable
* refactor: add api::Debugger::GetTypeName()
* refactor: add api::Debugger::GetClassName()
* chore: bump chromium in DEPS to 141.0.7352.0
* chore: update patches
* 6830573: Revert 'Migrate WrappableWithNamedPropertyInterceptor to gin::Wrappable' | https://chromium-review.googlesource.com/c/chromium/src/+/6830573
* chore: bump chromium in DEPS to 141.0.7354.0
* chore: bump chromium in DEPS to 141.0.7356.0
* chore: bump chromium in DEPS to 141.0.7357.0
* chore: bump chromium in DEPS to 141.0.7359.0
* chore: bump chromium in DEPS to 141.0.7361.0
* 6838518: [Mac] Correctly deallocate sandbox error buffers and prevent crash resulting from nullptr assignment | https://chromium-review.googlesource.com/c/chromium/src/+/6838518
* 6850973: Reland "Use base::ByteCount in base::SysInfo." | https://chromium-review.googlesource.com/c/chromium/src/+/6850973
* 6506565: [FPF-CI] Create initial NoiseHash in the browser. | https://chromium-review.googlesource.com/c/chromium/src/+/6506565
* chore: update patches
* fixup! 6850973: Reland "Use base::ByteCount in base::SysInfo." | https://chromium-review.googlesource.com/c/chromium/src/+/6850973
* fixup! 6506565: [FPF-CI] Create initial NoiseHash in the browser. | https://chromium-review.googlesource.com/c/chromium/src/+/6506565
* fix: unsafe buffer warning in fix_properly_honor_printing_page_ranges.patch
* fix: FTBFS in src_remove_dependency_on_wrapper-descriptor-based_cppheap.patch
This change should be upstreamed.
Fixes this error:
../../third_party/electron_node/src/env.cc:606:3: error: no matching function for call to 'Wrap'
606 | v8::Object::Wrap<v8::CppHeapPointerTag::kDefaultTag>(
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1076:14: note: candidate function template not viable: cannot convert argument of incomplete type 'void *' to 'v8::Object::Wrappable *' for 3rd argument
1076 | void Object::Wrap(v8::Isolate* isolate, const v8::Local<v8::Object>& wrapper,
| ^
1077 | v8::Object::Wrappable* wrappable) {
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1084:14: note: candidate function template not viable: no known conversion from 'Local<Object>' to 'const PersistentBase<Object>' for 2nd argument
1084 | void Object::Wrap(v8::Isolate* isolate, const PersistentBase<Object>& wrapper,
| ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1093:14: note: candidate function template not viable: no known conversion from 'Local<Object>' to 'const BasicTracedReference<Object>' for 2nd argument
1093 | void Object::Wrap(v8::Isolate* isolate,
| ^
1094 | const BasicTracedReference<Object>& wrapper,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
* [v8-init] Access crash key only from main thread | https://chromium-review.googlesource.com/c/chromium/src/+/6827167
* chore: e patches all
* chore: remove chore_restore_some_deprecated_wrapper_utility_in_gin.patch from patches
this remove line got re-added when rebasing roller/chromium/main
* chore: e patches all
* fix: include base/time/time.h when using base::Time
* chore: update patches
* Make --host-rules an alias for --host-resolver-rules.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/4867872
* ci: update BUILD_TOOLS_SHA
Refs https://github.com/electron/build-tools/pull/746
* [Fontations] Remove Fontations suffix from font names
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6835930
* temp: debug macOS addon build failure
* Revert "temp: debug macOS addon build failure"
This reverts commit 40bc8abab65dc83e17c4ab97cb6e7522a193fb44.
* test: run tests with Xcode 16.4
* ci: fix tccdb update for macOS 15
* spec: disable opening external application for loadURL
on macOS opening unknown external application will bring
up dialog to choose apps from application store which will
break our other test suites that want to capture screen
for pixel matching.
The loadURL spec that tests bad-scheme://foo is sufficient
that we hit the permission handler for openExternal since
at that point we already know the runtime gave up on handling
the scheme.
* chore: rebase patches
* chore: disable codesiging tests
* ci: update ScreenCaptureApprovals.plist for /bin/bash
* ci: try updating tcc permissions
* ci: update TCC permissions
Refs https://www.rainforestqa.com/blog/macos-tcc-db-deep-dive
* chore: test with 1st quadrant of the window
* chore: adjust for macOS 15 menubar height
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
* build: remove no longer needed arg for siso
* chore: test ffmpeg zip
* build: fix ffmpeg build with siso
* Revert "chore: test ffmpeg zip"
This reverts commit 2bbcc86039.
* fix: Optimize the value of memory.free in the return data of getSystemMemoryInfo().
* fix: Improve the value of memory in the return data of getSystemMemoryInfo().
* fix: complete API doc.
* Update docs/api/process.md
Co-authored-by: Will Anderson <will@itsananderson.com>
* fix: update name to fileBacked.
* fix: fix with code conflict
---------
Co-authored-by: Will Anderson <will@itsananderson.com>
2025-08-20 09:49:41 +02:00
697 changed files with 32148 additions and 19665 deletions
This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
close-issue-message:>
This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
@@ -37,9 +37,9 @@ For more installation options and troubleshooting tips, see
Each Electron release provides binaries for macOS, Windows, and Linux.
* macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
* macOS (Monterey and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
* Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
* Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
* Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
@@ -8,6 +8,12 @@ The Electron team will send a response indicating the next steps in handling you
Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [npm contact form](https://www.npmjs.com/support) by selecting "I'm reporting a security vulnerability".
## Escalation
If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
## The Electron Security Notification Process
For context on Electron's security notification process, please see the [Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md#notifications) section of the Security WG's [Membership and Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md) Governance document.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.gni;drc=c220a41e0422d45f1657c28146d32e99cc53640b
# The notable difference is it has an option to compress the debug sections
import("//build/config/clang/clang.gni")
import("//build/toolchain/toolchain.gni")
# Extracts symbols from a binary into a symbol file.
#
# Args:
# binary_input: Path to the binary containing symbols to extract, e.g.:
# "$root_out_dir/chrome"
# symbol_output: Desired output file for symbols, e.g.:
# "$root_out_dir/chrome.debug"
# stripped_binary_output: Desired output file for stripped file, e.g.:
# "$root_out_dir/chrome.stripped"
# compress_debug_sections: If true, compress the extracted debug sections
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.py;drc=c220a41e0422d45f1657c28146d32e99cc53640b
# The notable difference is it has an option to compress the debug sections
importargparse
importsubprocess
importsys
defmain()->int:
parser=argparse.ArgumentParser(description="Strip binary using LLVM tools.")
*`launch-failed` - Process never successfully launched
*`integrity-failure` - Windows code integrity checks failed
*`memory-eviction` - Process proactively terminated to prevent a future out-of-memory (OOM) situation
*`exitCode` number - The exit code for the process
(e.g. status from waitpid if on POSIX, from GetExitCodeProcess on Windows).
*`serviceName` string (optional) - The non-localized name of the process.
@@ -1214,6 +1215,13 @@ Disables hardware acceleration for current app.
This method can only be called before app is ready.
### `app.isHardwareAccelerationEnabled()`
Returns `boolean` - whether hardware acceleration is currently enabled.
> [!NOTE]
> This information is only usable after the `gpu-info-update` event is emitted.
### `app.disableDomainBlockingFor3DAPIs()`
By default, Chromium disables 3D APIs (e.g. WebGL) until restart on a per
@@ -1397,7 +1405,75 @@ details. Disabled by default.
This API must be called after the `ready` event is emitted.
> [!NOTE]
> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default.
> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default. Calling this method will enable the following accessibility support features: `nativeAPIs`, `webContents`, `inlineTextBoxes`, and `extendedProperties`.
@@ -1262,15 +1262,16 @@ Sets the properties for the window's taskbar button.
#### `win.setAccentColor(accentColor)` _Windows_
* `accentColor` boolean | string - The accent color for the window. By default, follows user preference in System Settings.
* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
Sets the system accent color and highlighting of active window border.
The `accentColor` parameter accepts the following values:
* **Color string** - Sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Uses the system's default accent color from user preferences in System Settings.
* **`false`** - Explicitly disables accent color highlighting for the window.
* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
@@ -1227,7 +1227,8 @@ Captures a snapshot of the page within `rect`. Omitting `rect` will capture the
Returns `Promise<void>` - the promise will resolve when the page has finished loading
(see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
if the page fails to load (see [`did-fail-load`](web-contents.md#event-did-fail-load)).
if the page fails to load (see
[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
Same as [`webContents.loadURL(url[, options])`](web-contents.md#contentsloadurlurl-options).
@@ -1442,15 +1443,16 @@ Sets the properties for the window's taskbar button.
#### `win.setAccentColor(accentColor)` _Windows_
* `accentColor` boolean | string - The accent color for the window. By default, follows user preference in System Settings.
* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
Sets the system accent color and highlighting of active window border.
The `accentColor` parameter accepts the following values:
* **Color string** - Sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Uses the system's default accent color from user preferences in System Settings.
* **`false`** - Explicitly disables accent color highlighting for the window.
* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
// Enable accent color, using the color specified in System Settings.
win.setAccentColor(true)
// Disable accent color.
win.setAccentColor(false)
// Reset window accent color behavior to follow behavior set in System Settings.
win.setAccentColor(null)
```
#### `win.getAccentColor()` _Windows_
@@ -1570,11 +1575,18 @@ events.
Prevents the window contents from being captured by other apps.
On macOS it sets the NSWindow's [`sharingType`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.property?language=objc) to [`NSWindowSharingNone`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.enum/none?language=objc).
On Windows it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
On Windows, it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
For Windows 10 version 2004 and up the window will be removed from capture entirely,
older Windows versions behave as if `WDA_MONITOR` is applied capturing a black window.
@@ -102,6 +102,10 @@ Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`Desktop
## Caveats
`desktopCapturer.getSources(options)` only returns a single source on Linux when using Pipewire.
PipeWire supports a single capture for both screens and windows. If you request the window and screen type, the selected source will be returned as a window capture.
`navigator.mediaDevices.getUserMedia` does not work on macOS for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this.
It is possible to circumvent this limitation by capturing system audio with another macOS app like Soundflower and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.
*`icon` ([NativeImage](native-image.md) | string) (optional) - Can be a
[NativeImage](native-image.md) or the file path of an icon.
*`enabled` boolean (optional) - If false, the menu item will be greyed out and
unclickable.
*`acceleratorWorksWhenHidden` boolean (optional) _macOS_ - default is `true`, and when `false` will prevent the accelerator from triggering the item if the item is not visible.
> If you want to call this API from a renderer process with context isolation enabled,
> place the API call in your preload script and
> [expose](../tutorial/context-isolation.md#after-context-isolation-enabled) it using the
> [`contextBridge`](context-bridge.md) API.
The `nativeImage` module provides a unified interface for manipulating
system images. These can be handy if you want to provide multiple scaled
versions of the same icon or take advantage of macOS [template images][template-image].
@@ -196,8 +202,7 @@ Creates a new `NativeImage` instance from `dataUrl`, a base 64 encoded [Data URL
Returns `NativeImage`
Creates a new `NativeImage` instance from the `NSImage` that maps to the
given image name. See Apple's [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename#2901388)
documentation for a list of possible values.
given image name. See Apple's [`NSImageName`](https://developer.apple.com/documentation/appkit/nsimagename#2901388) documentation and [SF Symbols](https://developer.apple.com/sf-symbols/) for a list of possible values.
The `hslShift` is applied to the image with the following rules:
where `SYSTEM_IMAGE_NAME` should be replaced with any value from [this list](https://developer.apple.com/documentation/appkit/nsimagename?language=objc).
* `top-level-storage-access` - Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
* `usb` - Expose non-standard Universal Serial Bus (USB) compatible devices services to the web with the [WebUSB API](https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API).
* `deprecated-sync-clipboard-read` _Deprecated_ - Request access to run `document.execCommand("paste")`
* `fileSystem` - Access to read, write, and file management capabilities using the [File System API](https://developer.mozilla.org/en-US/docs/Web/API/File_System_API).
* `requestingOrigin` string - The origin URL of the permission check
* `details` Object - Some properties are only available on certain permission types.
* `embeddingOrigin` string (optional) - The origin of the frame embedding the frame that made the permission check. Only set for cross-origin sub frames making permission checks.
* `securityOrigin` string (optional) - The security origin of the `media` check.
* `mediaType` string (optional) - The type of media access being requested, can be `video`,
`audio` or `unknown`
`audio` or `unknown`.
* `requestingUrl` string (optional) - The last URL the requesting frame loaded. This is not provided for cross-origin sub frames making permission checks.
* `isMainFrame` boolean - Whether the frame making the request is the main frame
* `isMainFrame` boolean - Whether the frame making the request is the main frame.
* `filePath` string (optional) - The path of a `fileSystem` request.
* `isDirectory` boolean (optional) - Whether a `fileSystem` request is a directory.
* `fileAccessType` string (optional) - The access type of a `fileSystem` request. Can be `writable` or `readable`.
Sets the handler which can be used to respond to permission checks for the `session`.
Returning `true` will allow the permission and `false` will reject it. Please note that
> Import shared textures into Electron and converts platform specific handles into [`VideoFrame`](https://developer.mozilla.org/en-US/docs/Web/API/VideoFrame). Supports all Web rendering systems, and can be transferred across Electron processes. Read [here](https://github.com/electron/electron/blob/main/shell/common/api/shared_texture/README.md) for more information.
*`options` Object - Options for importing shared textures.
*`textureInfo` [SharedTextureImportTextureInfo](structures/shared-texture-import-texture-info.md) - The information of the shared texture to import.
*`allReferencesReleased` Function (optional) - Called when all references in all processes are released. You should keep the imported texture valid until this callback is called.
Imports the shared texture from the given options.
> [!NOTE]
> This method is only available in the main process.
Returns `SharedTextureImported` - The imported shared texture.
*`options` Object - Options for sending shared texture.
*`frame` [WebFrameMain](web-frame-main.md) - The target frame to transfer the shared texture to. For `WebContents`, you can pass `webContents.mainFrame`. If you provide a `webFrameMain` that is not a main frame, you'll need to enable `webPreferences.nodeIntegrationInSubFrames` for this, since this feature requires [IPC](https://www.electronjs.org/docs/latest/api/web-frame-main#frameipc-readonly) between main and the frame.
*`importedSharedTexture` [SharedTextureImported](structures/shared-texture-imported.md) - The imported shared texture.
*`...args` any[] - Additional arguments to pass to the renderer process.
Send the imported shared texture to a renderer process. You must register a receiver at renderer process before calling this method. This method has a 1000ms timeout. Ensure the receiver is set and the renderer process is alive before calling this method.
> [!NOTE]
> This method is only available in the main process.
Returns `Promise<void>` - Resolves when the transfer is complete.
*`widgetType` string - The widget type of the texture. Can be `popup` or `frame`.
*`pixelFormat` string - The pixel format of the texture. Can be `rgba` or `bgra`.
*`pixelFormat` string - The pixel format of the texture.
*`rgba` - The texture format is 8-bit unorm RGBA.
*`bgra` - The texture format is 8-bit unorm BGRA.
*`rgbaf16` - The texture format is 16-bit float RGBA.
*`codedSize` [Size](size.md) - The full dimensions of the video frame.
*`colorSpace` [ColorSpace](color-space.md) - The color space of the video frame.
*`visibleRect` [Rectangle](rectangle.md) - A subsection of [0, 0, codedSize.width, codedSize.height]. In OSR case, it is expected to have the full section area.
*`pixelFormat` string - The pixel format of the texture.
*`bgra` - 32bpp BGRA (byte-order), 1 plane.
*`rgba` - 32bpp RGBA (byte-order), 1 plane.
*`rgbaf16` - Half float RGBA, 1 plane.
*`colorSpace` [ColorSpace](color-space.md) (optional) - The color space of the texture.
*`codedSize` [Size](size.md) - The full dimensions of the shared texture.
*`visibleRect` [Rectangle](rectangle.md) (optional) - A subsection of [0, 0, codedSize.width, codedSize.height]. In common cases, it is the full section area.
*`timestamp` number (optional) - A timestamp in microseconds that will be reflected to `VideoFrame`.
*`handle` [SharedTextureHandle](shared-texture-handle.md) - The shared texture handle.
*`getVideoFrame` Function\<[VideoFrame](https://developer.mozilla.org/en-US/docs/Web/API/VideoFrame)\> - Create a `VideoFrame` that uses the imported shared texture in the current process. You can call `VideoFrame.close()` once you've finished using the object. The underlying resources will wait for GPU finish internally.
*`release` Function - Release the resources. If you transferred and get multiple `SharedTextureImported` objects, you have to `release` every one of them. The resource on the GPU process will be destroyed when the last one is released.
*`callback` Function (optional) - Callback when the GPU command buffer finishes using this shared texture. It provides a precise event to safely release dependent resources. For example, if this object is created by `finishTransferSharedTexture`, you can use this callback to safely release the original one that called `startTransferSharedTexture` in other processes. You can also release the source shared texture that was used to `importSharedTexture` safely.
*`startTransferSharedTexture` Function\<[SharedTextureTransfer](shared-texture-transfer.md)\> - Create a `SharedTextureTransfer` that can be serialized and transferred to other processes.
*`getFrameCreationSyncToken` Function\<[SharedTextureSyncToken](shared-texture-sync-token.md)\> - This method is for advanced users. If used, it is typically called after `finishTransferSharedTexture`, and should be passed to the object which was called `startTransferSharedTexture` to prevent the source object release the underlying resource before the target object actually acquire the reference at gpu process asyncly.
*`setReleaseSyncToken` Function - This method is for advanced users. If used, this object's underlying resource will not be released until the set sync token is fulfilled at gpu process. By using sync tokens, users are not required to use release callbacks for lifetime management.
*`syncToken` [SharedTextureSyncToken](shared-texture-sync-token.md) - The sync token to set.
*`textureId` string - The unique identifier of the imported shared texture.
*`getVideoFrame` Function\<[VideoFrame](https://developer.mozilla.org/en-US/docs/Web/API/VideoFrame)\> - Create a `VideoFrame` that uses the imported shared texture in the current process. You can call `VideoFrame.close()` once you've finished using the object. The underlying resources will wait for GPU finish internally.
*`release` Function - Release this object's reference of the imported shared texture. The underlying resource will be alive until every reference is released.
*`subtle` [SharedTextureImportedSubtle](shared-texture-imported-subtle.md) - Provides subtle APIs to interact with the imported shared texture for advanced users.
*`importSharedTexture` Function\<[SharedTextureImportedSubtle](shared-texture-imported-subtle.md)\> - Imports the shared texture from the given options. Returns the imported shared texture.
*`textureInfo` [SharedTextureImportTextureInfo](shared-texture-import-texture-info.md) - The information of shared texture to import.
*`finishTransferSharedTexture` Function\<[SharedTextureImportedSubtle](shared-texture-imported-subtle.md)\> - Finishes the transfer of the shared texture and gets the transferred shared texture. Returns the imported shared texture from the transfer object.
*`transfer` [SharedTextureTransfer](shared-texture-transfer.md) - The transfer object of the shared texture.
*`transfer` string _Readonly_ - The opaque transfer data of the shared texture. This can be transferred across Electron processes.
*`syncToken` string _Readonly_ - The opaque sync token data for frame creation.
*`pixelFormat` string _Readonly_ - The pixel format of the transferring texture.
*`codedSize` [Size](size.md) _Readonly_ - The full dimensions of the shared texture.
*`visibleRect` [Rectangle](rectangle.md) _Readonly_ - A subsection of [0, 0, codedSize.width(), codedSize.height()]. In common cases, it is the full section area.
*`timestamp` number _Readonly_ - A timestamp in microseconds that will be reflected to `VideoFrame`.
Use `sharedTexture.subtle.finishTransferSharedTexture` to get [`SharedTextureImportedSubtle`](shared-texture-imported-subtle.md) back.
associated with the window, making it compatible with the Chromium
OS-level sandbox and disabling the Node.js engine. This is not the same as
the `nodeIntegration` option and the APIs available to the preload script
are more limited. Read more about the option [here](../../tutorial/sandbox.md).
are more limited. Default is `true` since Electron 20. The sandbox will
automatically be disabled when `nodeIntegration` is set to `true`.
Read more about the option [here](../../tutorial/sandbox.md).
*`session` [Session](../session.md#class-session) (optional) - Sets the session used by the
page. Instead of passing the Session object directly, you can also choose to
use the `partition` option instead, which accepts a partition string. When
@@ -87,6 +89,11 @@
paint event. Defaults to `false`. See the
[offscreen rendering tutorial](../../tutorial/offscreen-rendering.md) for
more details.
*`sharedTexturePixelFormat` string (optional) _Experimental_ - The requested output format of the shared texture. Defaults to `argb`.
The name is originated from Chromium [`media::VideoPixelFormat`](https://source.chromium.org/chromium/chromium/src/+/main:media/base/video_types.h) enum suffix and only subset of them are supported.
The actual output pixel format and color space of the texture should refer to [`OffscreenSharedTexture`](../structures/offscreen-shared-texture.md) object in the `paint` event.
*`argb` - The requested output texture format is 8-bit unorm RGBA, with SRGB SDR color space.
*`rgbaf16` - The requested output texture format is 16-bit float RGBA, with scRGB HDR color space.
*`contextIsolation` boolean (optional) - Whether to run Electron APIs and
the specified `preload` script in a separate JavaScript context. Defaults
to `true`. The context that the `preload` script runs in will only have
@@ -1079,7 +1079,7 @@ Emitted when the [mainFrame](web-contents.md#contentsmainframe-readonly), an `<i
Returns `Promise<void>` - the promise will resolve when the page has finished loading
(see [`did-finish-load`](web-contents.md#event-did-finish-load)), and rejects
if the page fails to load (see
[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors.
[`did-fail-load`](web-contents.md#event-did-fail-load)). A noop rejection handler is already attached, which avoids unhandled rejection errors. If the existing page has a beforeUnload handler, [`did-fail-load`](web-contents.md#event-did-fail-load) will be called unless [`will-prevent-unload`](web-contents.md#event-did-fail-load) is handled.
Loads the `url` in the window. The `url` must contain the protocol prefix,
e.g. the `http://` or `file://`. If the load should bypass http cache then
@@ -12,23 +12,63 @@ This document uses the following convention to categorize breaking changes:
* **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
* **Removed:** An API or feature was removed, and is no longer supported by Electron.
## Planned Breaking API Changes (40.0)
### Deprecated: `clipboard` API access from renderer processes
Using the `clipboard` API directly in the renderer process is deprecated.
If you want to call this API from a renderer process, place the API call in
your preload script and expose it using the [contextBridge](https://www.electronjs.org/docs/latest/api/context-bridge) API.
### Behavior Changed: MacOS dSYM files now compressed with tar.xz
Debug symbols for MacOS (dSYM) now use xz compression in order to handle larger file sizes. `dsym.zip` files are now
`dsym.tar.xz` files. End users using debug symbols may need to update their zip utilities.
### Deprecated: `--host-rules` command line switch
The default value of the `--ozone-plaftform` flag [changed to `auto`](https://chromium-review.googlesource.com/c/chromium/src/+/6775426) in Electron 38.
Chromium is deprecating the `--host-rules` switch.
You should use the `XDG_SESSION_TYPE=wayland` environment variable instead to use Wayland.
You should use `--host-resolver-rules` instead.
### Behavior Changed: window.open popups are always resizable
Per current [WHATWG spec](https://html.spec.whatwg.org/multipage/nav-history-apis.html#dom-open-dev), the `window.open` API will now always create a resizable popup window.
Previously, Electron changed the value of `XDG_CURRENT_DESKTOP` internally to `Unity`, and stored the original name of the desktop session
in a separate variable. `XDG_CURRENT_DESKTOP` is no longer overriden and now reflects the actual desktop environment.
### Removed: macOS 11 support
@@ -53,29 +93,6 @@ The `webFrame.findFrameByRoutingId(routingId)` function will be removed.
You should use `webFrame.findFrameByToken(frameToken)` instead.
### Behavior Changed: window.open popups are always resizable
Per current [WHATWG spec](https://html.spec.whatwg.org/multipage/nav-history-apis.html#dom-open-dev), the `window.open` API will now always create a resizable popup window.
* [clang](https://clang.llvm.org/get_started.html) 3.4 or later.
* Development headers of GTK 3 and libnotify.
Due to Electron's dependency on Chromium, prerequisites and dependencies for Electron change over time. [Chromium's documentation on building on Linux](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux/build_instructions.md) has up to date information for building Chromium on Linux. This documentation can generally
be followed for building Electron on Linux as well.
On Ubuntu >= 20.04, install the following libraries:
Other distributions may offer similar packages for installation via package
managers such as pacman. Or one can compile from source code.
Additionally, Electron's [Linux dependency installer](https://github.com/electron/build-images/blob/main/tools/install-deps.sh) can be referenced to get the current dependencies that Electron requires in addition to what Chromium installs via [build/install-deps.sh](https://chromium.googlesource.com/chromium/src/+/HEAD/build/install-build-deps.sh).
### Cross compilation
If you want to build for an `arm` target you should also install the following
dependencies:
If you want to build for an `arm` target, you can use Electron's [Linux dependency installer](https://github.com/electron/build-images/blob/main/tools/install-deps.sh) to install the additional dependencies by passing the `--arm argument`:
@@ -32,7 +32,7 @@ This table gives a general overview of where ESM is supported and which ESM load
| Main | Node.js | N/A | <ul><li> [You must use `await` generously before the app's `ready` event](#you-must-use-await-generously-before-the-apps-ready-event) </li></ul> |
| Renderer (Unsandboxed & Context Isolated) | Chromium | Node.js | <ul><li> [Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content) </li> <li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li></ul> |
| Renderer (Unsandboxed & Non Context Isolated) | Chromium | Node.js | <ul><li>[Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content)</li><li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li><li>[ESM preload scripts must be context isolated to use dynamic Node.js ESM imports](#esm-preload-scripts-must-be-context-isolated-to-use-dynamic-nodejs-esm-imports)</li></ul> |
| Renderer (Unsandboxed & Non Context Isolated) | Chromium | Node.js | <ul><li>[Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content)</li><li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li></ul> |
For a subset of Electron functionality it makes sense to disable certain features for an entire application. For example, 99% of apps don't make use of `ELECTRON_RUN_AS_NODE`, these applications want to be able to ship a binary that is incapable of using that feature. We also don't want Electron consumers building Electron from source as that is both a massive technical challenge and has a high cost of both time and money.
From a security perspective, it makes sense to disable certain unused Electron features
that are powerful but may make your app's security posture weaker. For example, any app that doesn't
use the `ELECTRON_RUN_AS_NODE` environment variable would want to disable the feature to prevent a
subset of "living off the land" attacks.
Fuses are the solution to this problem, at a high level they are "magic bits" in the Electron binary that can be flipped when packaging your Electron app to enable / disable certain features / restrictions. Because they are flipped at package time before you code sign your app the OS becomes responsible for ensuring those bits aren't flipped back via OS level code signing validation (Gatekeeper / App Locker).
We also don't want Electron consumers forking to achieve this goal, as building from source and
maintaining a fork is a massive technical challenge and costs a lot of time and money.
## Current Fuses
Fuses are the solution to this problem. At a high level, they are "magic bits" in the Electron binary
that can be flipped when packaging your Electron app to enable or disable certain features/restrictions.
Because they are flipped at package time before you code sign your app, the OS becomes responsible
for ensuring those bits aren't flipped back via OS-level code signing validation
(e.g. [Gatekeeper](https://support.apple.com/en-ca/guide/security/sec5599b66df/web) on macOS or
@@ -16,7 +29,11 @@ Fuses are the solution to this problem, at a high level they are "magic bits" in
**@electron/fuses:** `FuseV1Options.RunAsNode`
The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not. Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environmentvariable to function. Instead, we recommend that you use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a standalone Node.js process (like a Sqlite server process or similar scenarios).
The `runAsNode` fuse toggles whether the [`ELECTRON_RUN_AS_NODE`](../api/environment-variables.md)
environment variable is respected or not. With this fuse disabled, [`child_process.fork`](https://nodejs.org/api/child_process.html#child_processforkmodulepath-args-options) in the main process will not function
as expected, as it depends on this environment variable to function. Instead, we recommend that you
use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a
standalone Node.js process (e.g. a SQLite server process).
### `cookieEncryption`
@@ -24,7 +41,12 @@ The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variab
The cookieEncryption fuse toggles whether the cookie store on disk is encrypted using OS level cryptography keys. By default the sqlite database that Chromium uses to store cookies stores the values in plaintext. If you wish to ensure your apps cookies are encrypted in the same way Chrome does then you should enable this fuse. Please note it is a one-way transition, if you enable this fuse existing unencrypted cookies will be encrypted-on-write but if you then disable the fuse again your cookie store will effectively be corrupt and useless. Most apps can safely enable this fuse.
The `cookieEncryption` fuse toggles whether the cookie store on disk is encrypted using OS level
cryptography keys. By default, the SQLite database that Chromium uses to store cookies stores the
values in plaintext. If you wish to ensure your app's cookies are encrypted in the same way Chrome
does, then you should enable this fuse. Please note it is a one-way transition—if you enable this
fuse, existing unencrypted cookies will be encrypted-on-write, but subsequently disabling the fuse
later will make your cookie store corrupt and useless. Most apps can safely enable this fuse.
### `nodeOptions`
@@ -32,7 +54,11 @@ The cookieEncryption fuse toggles whether the cookie store on disk is encrypted
The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions) and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile) environment variables are respected. The `NODE_OPTIONS` environment variable can be used to pass all kinds of custom options to the Node.js runtime and isn't typically used by apps in production. Most apps can safely disable this fuse.
The `nodeOptions` fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions)
and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile)
environment variables are respected. The `NODE_OPTIONS` environment variable can be used to pass all
kinds of custom options to the Node.js runtime and isn't typically used by apps in production.
Most apps can safely disable this fuse.
### `nodeCliInspect`
@@ -40,7 +66,9 @@ The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api
The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected or not. When disabled it also ensures that `SIGUSR1` signal does not initialize the main process inspector. Most apps can safely disable this fuse.
The `nodeCliInspect` fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected
or not. When disabled, it also ensures that `SIGUSR1` signal does not initialize the main process
inspector. Most apps can safely disable this fuse.
### `embeddedAsarIntegrityValidation`
@@ -48,9 +76,12 @@ The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. f
The embeddedAsarIntegrityValidation fuse toggles an experimental feature on macOS and Windows that validates the content of the `app.asar` file when it is loaded. This feature is designed to have a minimal performance impact but may marginally slow down file reads from inside the `app.asar` archive.
The `embeddedAsarIntegrityValidation` fuse toggles a feature on macOS and Windows that validates the
content of the `app.asar` file when it is loaded. This feature is designed to have a minimal
performance impact but may marginally slow down file reads from inside the `app.asar` archive.
Most apps can safely enable this fuse.
For more information on how to use asar integrity validation please read the [Asar Integrity](asar-integrity.md) documentation.
For more information on how to use ASAR integrity validation, please read the [Asar Integrity](asar-integrity.md) documentation.
### `onlyLoadAppFromAsar`
@@ -58,7 +89,15 @@ For more information on how to use asar integrity validation please read the [As
The onlyLoadAppFromAsar fuse changes the search system that Electron uses to locate your app code. By default Electron will search in the following order `app.asar` -> `app` -> `default_app.asar`. When this fuse is enabled the search order becomes a single entry `app.asar` thus ensuring that when combined with the `embeddedAsarIntegrityValidation` fuse it is impossible to load non-validated code.
The `onlyLoadAppFromAsar` fuse changes the search system that Electron uses to locate your app code.
By default, Electron will search for this code in the following order:
1.`app.asar`
1.`app`
1.`default_app.asar`
When this fuse is enabled, Electron will _only_ search for `app.asar`. When combined with the [`embeddedAsarIntegrityValidation`](#embeddedasarintegrityvalidation) fuse, this fuse ensures that
it is impossible to load non-validated code.
### `loadBrowserProcessSpecificV8Snapshot`
@@ -66,11 +105,17 @@ The onlyLoadAppFromAsar fuse changes the search system that Electron uses to loc
The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is used for the browser process. By default Electron's processes will all use the same V8 snapshot file. When this fuse is enabled the browser process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot. The other processes will use the V8 snapshot file that they normally do.
V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of
initialized heaps and then load them back in to avoid the cost of initializing the heap.
V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of initialized heaps and then load them back in to avoid the cost of initializing the heap.
The `loadBrowserProcessSpecificV8Snapshot` fuse changes which V8 snapshot file is used for the browser
process. By default, Electron's processes will all use the same V8 snapshot file. When this fuse is
enabled, the main process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot.
Other processes will use the V8 snapshot file that they normally do.
Using separate snapshots for renderer processes and the main process can improve security, especially to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled. See [#35170](https://github.com/electron/electron/issues/35170) for details.
Using separate snapshots for renderer processes and the main process can improve security, especially
to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled.
See [electron/electron#35170](https://github.com/electron/electron/issues/35170) for details.
### `grantFileProtocolExtraPrivileges`
@@ -78,19 +123,25 @@ Using separate snapshots for renderer processes and the main process can improve
The grantFileProtocolExtraPrivileges fuse changes whether pages loaded from the `file://` protocol are given privileges beyond what they would receive in a traditional web browser. This behavior was core to Electron apps in original versions of Electron but is no longer required as apps should be [serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead. If you aren't serving pages from `file://` you should disable this fuse.
The `grantFileProtocolExtraPrivileges` fuse changes whether pages loaded from the `file://` protocol
are given privileges beyond what they would receive in a traditional web browser. This behavior was
core to Electron apps in original versions of Electron, but is no longer required as apps should be
[serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.
If you aren't serving pages from `file://`, you should disable this fuse.
The extra privileges granted to the `file://` protocol by this fuse are incompletely documented below:
*`file://` protocol pages can use `fetch` to load other assets over `file://`
*`file://` protocol pages can use service workers
*`file://` protocol pages have universal access granted to child frames also running on `file://` protocols regardless of sandbox settings
*`file://` protocol pages have universal access granted to child frames also running on `file://`
protocols regardless of sandbox settings
## How do I flip the fuses?
## How do I flip fuses?
### The easy way
We've made a handy module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make flipping these fuses easy. Check out the README of that module for more details on usage and potential error cases.
[`@electron/fuses`](https://npmjs.com/package/@electron/fuses) is a JavaScript utility designed to make flipping these fuses easy. Check out the README of that module for more details on usage and potential error cases.
> * **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
> * **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
> * **Fuse Schema**: The format/allowed values for the fuse wire
* **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
* **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
* **Fuse Schema**: The format / allowed values for the fuse wire
Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the
sequence of bytes that represent the state of the fuses you want.
Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the sequence of bytes that represent the state of the fuses you want.
Somewhere in the Electron binary there will be a sequence of bytes that look like this:
Somewhere in the Electron binary, there will be a sequence of bytes that look like this:
Online and offline event detection can be implemented in both the main and renderer processes:
- **Renderer process**: Use the [`navigator.onLine`](http://html5index.org/Offline%20-%20NavigatorOnLine.html) attribute and [online/offline events](https://developer.mozilla.org/en-US/docs/Online_and_offline_events), part of standard HTML5 API.
- **Main process**: Use the [`net.isOnline()`](../api/net.md#netisonline) method or the [`net.online`](../api/net.md#netonline-readonly) property.
The `navigator.onLine` attribute returns:
*`false` if all network requests are guaranteed to fail (e.g. when disconnected from the network).
*`true` in all other cases.
-`false` if all network requests are guaranteed to fail (e.g. when disconnected from the network).
-`true` in all other cases.
Since many cases return `true`, you should treat with care situations of
getting false positives, as we cannot always assume that `true` value means
@@ -19,7 +19,27 @@ is running a virtualization software that has virtual Ethernet adapters in "alwa
connected" state. Therefore, if you want to determine the Internet access
status of Electron, you should develop additional means for this check.
## Example
## Main Process Detection
In the main process, you can use the `net` module to detect online/offline status:
```js
const{net}=require('electron')
// Method 1: Using net.isOnline()
constisOnline=net.isOnline()
console.log('Online status:',isOnline)
// Method 2: Using net.online property
console.log('Online status:',net.online)
```
Both `net.isOnline()` and `net.online` return the same boolean value with the same reliability characteristics as `navigator.onLine` - they provide a strong indicator when offline (`false`), but a `true` value doesn't guarantee successful internet connectivity.
> [!NOTE]
> The `net` module is only available after the app emits the `ready` event.
## Renderer Process Example
Starting with an HTML file `index.html`, this example will demonstrate how the `navigator.onLine` API can be used to build a connection status indicator.
@@ -84,4 +104,4 @@ After launching the Electron application, you should see the notification:
> If you need to communicate the connection status to the main process, use the [IPC renderer](../api/ipc-renderer.md) API.
> If you need to check the connection status in the main process, you can use [`net.isOnline()`](../api/net.md#netisonline) directly instead of communicating from the renderer process via [IPC](../api/ipc-renderer.md).
@@ -55,14 +55,27 @@ There are a few rules to follow for the purposes of this tutorial:
- _author_, _license_, and _description_ can be any value, but will be necessary for
[packaging][packaging] later on.
:::caution Install dependencies with a regular `node_modules` folder
Electron's packaging toolchain requires the `node_modules` folder to be physically on disk in the
way that npm installs Node dependencies. By default, [Yarn Berry](https://yarnpkg.com/) and
[pnpm](http://pnpm.io/) both use alternative installation strategies.
Therefore, you must set [`nodeLinker: node-modules`](https://yarnpkg.com/configuration/yarnrc#nodeLinker)
in Yarn or [`nodeLinker: hoisted`](https://pnpm.io/settings#nodelinker) in pnpm if you are using
those package managers.
:::
Then, install Electron into your app's **devDependencies**, which is the list of external
development-only package dependencies not required in production.
:::info Why is Electron a devDependency?
:::info Why is Electron a dev dependency?
This may seem counter-intuitive since your production code is running Electron APIs.
However, packaged apps will come bundled with the Electron binary, eliminating the need to specify
it as a production dependency.
This may seem counter-intuitive since your production code is running Electron APIs. Under the hood,
Electron's JavaScript API binds to a binary that contains its implementations. The packaging step for
Electron handles the bundling of this binary, eliminating the need to specify it as a production
dependency.
:::
@@ -70,6 +83,17 @@ it as a production dependency.
npm install electron --save-dev
```
:::warning
In order to correctly install Electron, you need to ensure that its `postinstall` lifecycle
script is able to run. This means avoiding the `--ignore-scripts` flag on npm and allowlisting
`electron` to run build scripts on other package managers.
This is likely to change in a future version of Electron. See
[electron/rfcs#22](https://github.com/electron/rfcs/pull/22) for more details.
:::
Your package.json file should look something like this after initializing your package
and installing Electron. You should also now have a `node_modules` folder containing
the Electron executable, as well as a `package-lock.json` lockfile that specifies
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
