The install process spawn was not capturing its own signal variable,
causing the error check to incorrectly reference the build signal
instead. This could lead to:
- Install termination by signal going undetected
- False positive errors when build was killed but install succeeded
This commit ensures the install signal is properly captured and
checked, matching the pattern used for the build process.
`bringToFront` DevTools message is sent when breakpoint is triggered
or inspect is called and Chromium upon this message activates DevTools
via `DevToolsUIBindings::Delegate::ActivateWindow`:
```
void DevToolsWindow::ActivateWindow() {
if (life_stage_ != kLoadCompleted)
return;
\#if BUILDFLAG(IS_ANDROID)
NOTIMPLEMENTED();
\#else
if (is_docked_ && GetInspectedBrowserWindow())
main_web_contents_->Focus();
else if (!is_docked_ && browser_ && !browser_->window()->IsActive())
browser_->window()->Activate();
\#endif
}
```
which implements: `DevToolsUIBindings::Delegate::ActivateWindow`.
Electron also implements this interface in:
`electron::InspectableWebContents`. However it was only setting
a zoom level, therefore this commit extends it with activation
of the DevTools.
Only supported for DevTools manged by `electron::InspectableWebContents`.
Closes: #37388
If either `npm_config_electron_use_remote_checksums` or
`electron_use_remote_checksums` are set as environment variables, then
force Electron to verify with remote checksums instead of embedded ones.
Fixes#48594.
* docs: security.md mark 'Enable process sandboxing' as active by default since electron 20
* Adjusted according to feedback
* Updated according to feedback - adjusted sandbox.md
* formatting
* Fixed broken markup
* Implemented docs linting suggestions
* docs: docs/tutorial/sandbox.md - fixed typo
Co-authored-by: Erick Zhao <erick@hotmail.ca>
* docs: web-preferences.md - sandbox: mention default value and relation to nodeIntegration
---------
Co-authored-by: Erick Zhao <erick@hotmail.ca>
* chore: bump nan to 2.23.0
* Fix C++ flags passed to C compiler in NAN spec runner
Passing C++-specific flags to the C compiler caused failures building native test modules.
NAN uprgaded the version of node-gyp it uses, triggering a new codepath with the C compiler that didn't occur before. In that new branch, the C++ flags present in the CFLAGS environment variable we were passing in caused the C compiler to error out:
```
error: invalid argument '-std=c++20' not allowed with 'C'
```
The fix is to only pass C++-specific flags to the C++ compiler, and not the C compiler. This is done by separating out the CFLAGS and CXXFLAGS environment variables in our nan-spec-runner.js script.
I'm curious to know more about why each of these flags are necessary, but for now this change restores the previous behavior where native test modules could be built successfully.
* test: use v8 version check instead of node version check (patch)
* Re-enable `methodswithdata-test`
* chore: bump chromium in DEPS to 143.0.7485.0
* chore: update allow_disabling_blink_scheduler_throttling_per_renderview.patch
Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
Patch applied manually due to context shear
* Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
* chore: e patches all
* chore: check for file existence before setting utime
* chore: stop disabling kWinDelaySpellcheckServiceInit
[cleanup] Remove feature WinDelaySpellcheckServiceInit | https://chromium-review.googlesource.com/c/chromium/src/+/7012087
This flag has been removed upstream. We've used it since c2d7164 (#38248)
to fix a crash originally described in 97b353a (#34993):
> Delaying spell check initialization is causing specs for
> 'custom dictionary word list API' to fail in Electron.
Since we haven't touched this in a few years, and since there's a
clear success criteria (a passing/failing spec), and since the patch
to restore this flag would be pretty large (~750 lines), I'm going
to try just removing the flag from our source to see if the spec
passes or fails.
* Revert "chore: stop disabling kWinDelaySpellcheckServiceInit"
This reverts commit e688880396.
Unfortunately, the crash persists.
* Revert [cleanup] Remove feature WinDelaySpellcheckServiceInit | https://chromium-review.googlesource.com/c/chromium/src/+/7012087
We currently need this feature
* fixup! chore: check for file existence before setting utime
* fixup! Move SetSupportsDraggableRegions mojom IPC from chrome/ and extensions/ to blink/ | https://chromium-review.googlesource.com/c/chromium/src/+/7043264
Address Robo's code review @ 64c7fd21ed
* fixup! fixup! chore: check for file existence before setting utime
fix: oops typo
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
* fix: Enable shader-f16 on Windows
* fix: include dxil.dll and dxcompiler.dll for windows x64 and arm64
* fix: modified to follow the chromium dawn build configuration
* fix: include dxil.dll and dxcompiler.dll for windows x86
* fix: Modified to avoid explicitly specifying dawn_use_built_dxc
We logged a fatal error but didn't exit with code 1 so the publish kept going. This was caught by a sanity check later down the release process but would have been quicker to fail out here.
Also adds some code to maybe workaround the underlying auth error
fix: fix launch crash when null device is disabled on Windows
add node flag node::ProcessInitializationFlags::kNoStdioInitialization
Co-authored-by: yangzuohui <yangzuohui@bytedance.com>
Co-authored-by: yangliu <yangliu.leo@bytedance.com>
* fix: wrong api call
* fix: consistency of the resize state
* fix: edge cases
* chore: add detailed comments
* fix: lint
* chore: only windows
* chore: use transparent
Dynamic ESM import in non-context-isolated preload
Extend `HostImportModuleWithPhaseDynamically`'s routing to support
Node.js import resolution in non-context-isolated preloads through
`v8_host_defined_options` length check. The length of host defined
options is distinct between Blink and Node.js and we can use it to
determine which resolver to use.
* build: update build tools to get proper exit codes from e build
xref: https://github.com/electron/build-tools/pull/759
* build: target zips directly
mksnapshot and chromedriver have issues with siso trying to run a separate build and zip step, so just target the zip target
* build: don't unzip chromedriver and mksnapshot in tests
The contents of these files are not used in testing, so we shouldn't unzip them.
perf: two minor perf refactors in InvokeIpcCallback()
1. Allocate the CallbackScope on the stack instead of the heap
2. Skip a redundant call to node::Environment::GetCurrent()
* docs: mention that webUtils should be used via preload script
* docs: suppress lint errors
* docs: clarify webUtils usage scope
* docs: exclude potentially dangerous alert() in the example code
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: minor change
* docs: make linter happy
* docs: apply suggestion
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* docs: apply suggestion
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* docs: apply suggestion
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* docs: minor change
* docs: minor change
* docs: remove preload line
---------
Co-authored-by: Niklas Wenzel <dev@nikwen.de>
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
* refactor: make api::Clipboard::GetClipboardBuffer() private
* refactor: move GetClipboadBuffer() into anonymous namespace
* refactor: use gin::Arguments in StopRecording()
* refactor: use gin::Arguments in ImageView::New()
* refactor: use gin::Arguments in AppendSwitch()
* refactor: use gin::Arguments WebContentsView::New()
* refactor: make gin::Arguments arg const in WrappableBase::InitWithArgs()
This makes explicit that we are using it for wrapper + isolate, not the args values
* refactor: remove gin_helper::Arguments arg from ExposeAPI()
refactor: remove gin_helper::Arguments arg from ExposeAPIInWorld()
* refactor: remove gin_helper::Arguments arg from ElectronBindings::GetSystemMemoryInfo()
* refactor: remove gin_helper::Arguments arg from preload_utils::GetBinding()
* refactor: use gin::Arguments in OpenExternal()
* refactor: use gin::Arguments in ExecuteInWorld()
* refactor: use gin::Arguments in ExecuteJavaScript()
* refactor: use gin::Arguments in InvokeNew()
* refactor: use gin::Arguments in ExecuteJavaScriptInIsolatedWorld()
* refactor: remove unused GetNextArgument() marshaller for gin_helper::Arguments
* refactor: remove unused #include gin_helper/arguments.h
* chore: remove unused gin_helper::Arguments
* fixup! refactor: use gin::Arguments in ExecuteJavaScriptInIsolatedWorld()
Xref: https://github.com/electron/electron/pull/48447
We overriden the `GetPackageJSON` in Node.js to let us read files
straight from the ASAR file instead of disk. The override works by
providing a JS method with the limitation that it should not throw a
runtime error. However, this invariant was accidentally violated by
`asar.splitPath` that sometimes contrary to its' TypeScript definition
returned `false`.
fix: macOS stop overriding private cornerMask API to fix WindowServer GPU load spike
Electron fetched a custom `_cornerMask` for `ElectronNSWindow` to smooth
vibrancy corners. On macOS 15 (Tahoe) that private hook forces the window
shadow to be rendered from a fully transparent surface, causing the
WindowServer GPU load regression. Remove the `cornerMask` property and
the `_cornerMask` override so we stay on Apple’s default shadow path.
* refactor: make api::Menu inherit from gin::Wrappable*
* refactor: make api::Menu::kWrapperInfo const
* refactor: use three-arg version of GetConstructor in Menu
refactor: undo branch changes to two-arg version of GetConstructor
* fixup! refactor: make api::Menu inherit from gin::Wrappable*
fix: return type of Menu::New
* fixup! refactor: make api::Menu inherit from gin::Wrappable*
make MenuMac's constructor public so that cppgc can use it
* refactor: Pinnable -> SelfKeepAlive
* refactor: use gin::Arguments::ThrowTypeError() in AutoUpdater::SetFeedURL()
* refactor: use gin::Arguments::ThrowTypeError() in Browser::Focus()
* refactor: use gin::Arguments::ThrowTypeError() in SystemPreferences::SetUserDefault()
* refactor: use gin::Arguments::ThrowTypeError() in UtilityProcessWrapper::Create()
* refactor: use gin::Arguments::ThrowTypeError() in UtilityProcessWrapper::PostMessage()
* refactor: use gin::Arguments::ThrowTypeError() in ElectronBundleMover::ShouldContinueMove()
* refactor: use gin::Arguments::ThrowTypeError() in OnClientCertificateSelected()
* refactor: use gin::Arguments::ThrowTypeError() in Session::ClearData()
* refactor: use gin::Arguments::ThrowTypeError() in ElectronBrowserContext::DisplayMediaDeviceChosen()
* refactor: use gin::Arguments::ThrowTypeError() in WebContents::ReplaceMisspelling()
* refactor: use gin::Arguments::ThrowTypeError() in WebContents::Print()
* chore: iwyu shell/common/gin_helper/error_thrower.h
* test: rerun failed tests individually
* ci: use screencapture-nag-remover
Needed to bypass the popup message "bash" is requesting to bypass the system private window picker and directly access your screen and audio.
* Revert "chore: test with 1st quadrant of the window"
No longer needed because of the addition of the
screencapture-nag-remover script.
This reverts commit f4a7e04c0b.
* test: fixup navigationHistory flake
* rerun test up to 3 times
* refactor: make api::Clipboard::GetClipboardBuffer() private
* refactor: move GetClipboadBuffer() into anonymous namespace
* refactor: use gin::Arguments in BaseWindow::MoveAbove()
refactor: use gin::Arguments in BaseWindow::SetAlwaysOnTop()
refactor: use gin::Arguments in BaseWindow::SetIgnoreMouseEvent()
* refactor: use gin::Arguments in BaseWindow::SetProgresBar()
* refactor: use gin::Arguments in BaseWindow::SetVisibleOnAllWorkspaces()
* refactor: use gin::Arguments in BaseWindow::SetVibrancy()
* refactor: use gin::Arguments in BaseWindow::SetAspectRatio()
* refactor: use gin::Arguments in BaseWindow::PreviewFile()
* refactor: use gin::Arguments in BaseWindow::SetThumbarButtons()
* refactor: use gin::Arguments in BaseWindow::SetBounds()
* refactor: use gin::Arguments in BaseWindow::SetContentBounds()
* refactor: use gin::Arguments in BaseWindow::SetSize()
* refactor: use gin::Arguments in BaseWindow::SetContentSize()
* refactor: use gin::Arguments in BaseWindow::SetSheetOffset()
* refactor: use gin::Arguments in BaseWindow::SetPosition()
* refactor: use gin::Arguments in BaseWindow::AddTabbedWindow()
* refactor: use gin::Arguments in BaseWindow::SetParentWindow()
* refactor: use gin::Arguments in BaseWindow::BaseWindow()
* refactor: use gin::Arguments in BaseWindow::SetAccentColor()
* refactor: use gin::Arguments in BaseWindow::SetTitleBarOverlay()
* refactor: narrow App:SetJumpList() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow WebContents::AddWorkSpace() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow ShowMessageBox() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow ShowOpenDialog() arg from gin::Arguments* to v8::Isolate*
* refactor: remove unused gin::Arguments* arg from OverrideGlobalPropertyFromIsolatedWorld()
* refactor: narrow WebContents::StartDrag() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow NetLog::StopLogging() arg from gin::Arguments* to v8::Isolate*
* refactor: narrow Protocol::IsProtocolHandled() arg from gin::Arguments* to v8::Isolate*
* refactor: remove unused isolate arg from Debugger ctor
* refactor: make Debugger ctor, dtor public
needed for cppgc::MakeGarbageCollected()
This is what upstream does, e.g. https://chromium-review.googlesource.com/c/chromium/src/+/6722236
* fixup! refactor: remove unused isolate arg from Debugger ctor
mark Debugger ctor as explicit
* refactor: in EventEmitterMixin, handle both old and new WrapperInfo types
* refactor: make electron::api::Debugger inherit from gin::Wrappable
* refactor: add api::Debugger::GetTypeName()
* refactor: add api::Debugger::GetClassName()
* chore: bump chromium in DEPS to 141.0.7352.0
* chore: update patches
* 6830573: Revert 'Migrate WrappableWithNamedPropertyInterceptor to gin::Wrappable' | https://chromium-review.googlesource.com/c/chromium/src/+/6830573
* chore: bump chromium in DEPS to 141.0.7354.0
* chore: bump chromium in DEPS to 141.0.7356.0
* chore: bump chromium in DEPS to 141.0.7357.0
* chore: bump chromium in DEPS to 141.0.7359.0
* chore: bump chromium in DEPS to 141.0.7361.0
* 6838518: [Mac] Correctly deallocate sandbox error buffers and prevent crash resulting from nullptr assignment | https://chromium-review.googlesource.com/c/chromium/src/+/6838518
* 6850973: Reland "Use base::ByteCount in base::SysInfo." | https://chromium-review.googlesource.com/c/chromium/src/+/6850973
* 6506565: [FPF-CI] Create initial NoiseHash in the browser. | https://chromium-review.googlesource.com/c/chromium/src/+/6506565
* chore: update patches
* fixup! 6850973: Reland "Use base::ByteCount in base::SysInfo." | https://chromium-review.googlesource.com/c/chromium/src/+/6850973
* fixup! 6506565: [FPF-CI] Create initial NoiseHash in the browser. | https://chromium-review.googlesource.com/c/chromium/src/+/6506565
* fix: unsafe buffer warning in fix_properly_honor_printing_page_ranges.patch
* fix: FTBFS in src_remove_dependency_on_wrapper-descriptor-based_cppheap.patch
This change should be upstreamed.
Fixes this error:
../../third_party/electron_node/src/env.cc:606:3: error: no matching function for call to 'Wrap'
606 | v8::Object::Wrap<v8::CppHeapPointerTag::kDefaultTag>(
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1076:14: note: candidate function template not viable: cannot convert argument of incomplete type 'void *' to 'v8::Object::Wrappable *' for 3rd argument
1076 | void Object::Wrap(v8::Isolate* isolate, const v8::Local<v8::Object>& wrapper,
| ^
1077 | v8::Object::Wrappable* wrappable) {
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1084:14: note: candidate function template not viable: no known conversion from 'Local<Object>' to 'const PersistentBase<Object>' for 2nd argument
1084 | void Object::Wrap(v8::Isolate* isolate, const PersistentBase<Object>& wrapper,
| ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1093:14: note: candidate function template not viable: no known conversion from 'Local<Object>' to 'const BasicTracedReference<Object>' for 2nd argument
1093 | void Object::Wrap(v8::Isolate* isolate,
| ^
1094 | const BasicTracedReference<Object>& wrapper,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
* [v8-init] Access crash key only from main thread | https://chromium-review.googlesource.com/c/chromium/src/+/6827167
* chore: e patches all
* chore: remove chore_restore_some_deprecated_wrapper_utility_in_gin.patch from patches
this remove line got re-added when rebasing roller/chromium/main
* chore: e patches all
* fix: include base/time/time.h when using base::Time
* chore: update patches
* Make --host-rules an alias for --host-resolver-rules.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/4867872
* ci: update BUILD_TOOLS_SHA
Refs https://github.com/electron/build-tools/pull/746
* [Fontations] Remove Fontations suffix from font names
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6835930
* temp: debug macOS addon build failure
* Revert "temp: debug macOS addon build failure"
This reverts commit 40bc8abab65dc83e17c4ab97cb6e7522a193fb44.
* test: run tests with Xcode 16.4
* ci: fix tccdb update for macOS 15
* spec: disable opening external application for loadURL
on macOS opening unknown external application will bring
up dialog to choose apps from application store which will
break our other test suites that want to capture screen
for pixel matching.
The loadURL spec that tests bad-scheme://foo is sufficient
that we hit the permission handler for openExternal since
at that point we already know the runtime gave up on handling
the scheme.
* chore: rebase patches
* chore: disable codesiging tests
* ci: update ScreenCaptureApprovals.plist for /bin/bash
* ci: try updating tcc permissions
* ci: update TCC permissions
Refs https://www.rainforestqa.com/blog/macos-tcc-db-deep-dive
* chore: test with 1st quadrant of the window
* chore: adjust for macOS 15 menubar height
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
* build: remove no longer needed arg for siso
* chore: test ffmpeg zip
* build: fix ffmpeg build with siso
* Revert "chore: test ffmpeg zip"
This reverts commit 2bbcc86039.
* fix: Optimize the value of memory.free in the return data of getSystemMemoryInfo().
* fix: Improve the value of memory in the return data of getSystemMemoryInfo().
* fix: complete API doc.
* Update docs/api/process.md
Co-authored-by: Will Anderson <will@itsananderson.com>
* fix: update name to fileBacked.
* fix: fix with code conflict
---------
Co-authored-by: Will Anderson <will@itsananderson.com>
* chore: bump chromium in DEPS to 140.0.7330.0
* chore: bump chromium in DEPS to 140.0.7331.0
* chore: update patches
* fix: gn check failing on crashpad.h
Not yet sure what caused this
* fix: predictors::PreconnectManager -> content::PreconnectManager
CL: https://chromium-review.googlesource.com/c/chromium/src/+/6788473
* chore: bump chromium in DEPS to 140.0.7333.0
* chore: bump chromium in DEPS to 140.0.7335.0
* chore: bump chromium in DEPS to 140.0.7337.0
* chore: update patches
* chore: restore some gin utility
* 6804057: [Extensions] Validate nodoc is specified as a boolean in schemas
https://chromium-review.googlesource.com/c/chromium/src/+/6804057
* fixup! chore: restore some gin utility
* fixup! fix: predictors::PreconnectManager -> content::PreconnectManager CL: https://chromium-review.googlesource.com/c/chromium/src/+/6788473
* 6772346: Reset MouseWheelPhaseHandler state when trackpoint scroll is detected
https://chromium-review.googlesource.com/c/chromium/src/+/6772346
Not certain about what the "correct" argument to pass here is. A quick dive into the CL suggests that passing `false` is safe to keep things working. The blast radius if this assumption is wrong is that "fling" scroll gestures may not work as expected with the OSR.
* 6789383: Uninstall SODA language pack after 30 days of inactivity
https://chromium-review.googlesource.com/c/chromium/src/+/6789383
* chore: update libcxx filenames
* chore: bump chromium in DEPS to 140.0.7339.0
* chore: update patches
* fixup! 6772346: Reset MouseWheelPhaseHandler state when trackpoint scroll is detected https://chromium-review.googlesource.com/c/chromium/src/+/6772346
* chore: bump chromium in DEPS to 140.0.7339.2
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Samuel Maddock <smaddock@slack-corp.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: clavin <clavin@electronjs.org>
* refactor: remove GetIsolate() calls from SetPrivate()
* refactor: remove excess GetIsolate() calls in PassValueToOtherContextInner()
* refactor: remove GetIsolate() calls from GetPrivate()
* refactor: add a v8::Isolate* local to ProxyFunctionWrapper()
* refactor: remove error_context->GetIsolate() call from PassValueToOtherContextInner()
* refactor: remove GetIsolate() call from ProxyFunctionWrapper()
* refactor: pass source and destination isolate as arg to CreateProxyForAPI()
* chore: move gin::DeprecatedWrappable to gin_helper
This is in preparation for migrating to gin::Wrappable
based on cppgc #47922
The upstream class will be deleted soon via roller PR but
the cppgc migration should happen outside the roll, this
change retains the current functionality by copying the
implementation into //electron/shell/common/gin_helper.
The class can be deleted once the cppgc migration is complete.
* chore: fix lint:cpp
* feat: Use DIR_ASSETS path to locate resource bundles
* Use DIR_ASSETS for calculating ASAR relative paths
* Add test to verify 'assets' matches parent dir of 'exe'
* Add Mac-specific test for assets path (but it is failing)
* test: Update app.getPath('assets') to expect an exception on Mac
* docs: Update docs for 'assets' path to indicate that it's only available on Windows + Linux
* fix: Don't define 'assets' mapping on macOS
* feat: add setAccentColor on Windows
* refactor: unify GetSystemAccentColor
* refactor: remove redundant parsing
* chore: fixup documentation
* Update docs/api/browser-window.md
Co-authored-by: Will Anderson <andersonw@dropbox.com>
* Update docs/api/base-window.md
Co-authored-by: Will Anderson <andersonw@dropbox.com>
---------
Co-authored-by: Will Anderson <andersonw@dropbox.com>
* feat: webFrameMain.fromFrameToken
* refactor: return null instead of undefined
* docs: mention renderer webFrame property
* chore: undo null->undefined in wfm.fromId api
this will be updated in another pr
* refactor: add a v8::Isolate* arg to RendererClientBase::IsWebViewFrame()
Needed for creating gin dictionaries
refactor: add a v8::Isolate* arg to ShouldLoadPreload()
Needed for calling IsWebViewFrame()
* refactor: add a v8::Isolate* arg to electron::util::CompileAndCall()
* refactor: add a v8::Isolate* arg to OnCreatePreloadableV8Context()
* refactor: add a v8::Isolate* arg to InvokeEmitProcessEvent()
* refactor: add a v8::Isolate* arg to ServiceWorkerData's constructor
* refactor: add a v8::Isolate* arg to RendererClientBase::SetupMainWorldOverrides()
* refactor: add a v8::Isolate* arg to RendererClientBase::WilLReleaseScriptContext()
* docs: update docs to avoid v8::Context::GetIsolate()
* refactor: add a v8::Isolate* arg to ElectronSandboxedRendererClient::InitializeBindings()
* refactor: avoid v8::Context::GetIsolate() call in PromiseBase::SettleScope::~SettleScope()
* refactor: add a v8::Isolate* arg to Constructible::GetConstructor()
* refactor: add a v8::Isolate* arg to NodeBindings::Initialize()
This is needed for the GetConstructor() call
* refactor: avoid v8::Context::GetIsolate() call in GetIpcObject() by taking it as an arg
* refactor: avoid v8::Context::GetIsolate() call in ipc_native::EmitIPCEvent() by taking it as an arg
* refactor: pass an isolate when calling GetCreationContextChecked() in V8FunctionInvoker
* refactor: pass an isolate when calling GetCreationContextChecked() in RendererClientBase
* refactor: pass an isolate when calling GetCreationContextChecked() in ScriptExecutionCallback::Completed()
* refactor: pass an isolate when calling GetCreationContextChecked() in ScriptExecutionCallback::CopyResultToCallingContextAndFinalize()
* refactor: pass an isolate when calling GetCreationContextChecked() in electron::GetRenderFrame()
* refactor: pass an isolate when calling GetCreationContextChecked() in gin_helper::internal::CallMethodWithArgs()
* refactor: pass an isolate when calling GetCreationContextChecked() in OverrideGlobalPropertyFromIsolatedWorld()
* refactor: pass an isolate when calling GetCreationContextChecked() in OverrideGlobalValueFromIsolatedWorld()
* refactor: pass an isolate when calling GetCreationContextChecked() in ProxyFunctionWrapper()
* refactor: pass an isolate when calling GetCreationContextChecked() in PassValueToOtherContextInner()
* fixup! refactor: pass an isolate when calling GetCreationContextChecked() in electron::GetRenderFrame()
* build: extend Chromium options in bug report template
As predicted by @dsanders11 and others, we got a bunch of bug reports with clearly incorrect values for "does this issue appear in Chromium?" because people didn't test or didn't know how to test.
This PR adds an "I didn't know how to test" option.
* build: update wording to use present tense
* test: cleanup RenderFrame lifespan tests
* test: disable navigator.serial tests on arm64 mac
debug the hang
test: disable navigator.bluetooth on arm64 mac
Revert "test: disable navigator.bluetooth on arm64 mac"
This reverts commit 4b53a8485a5ff391832c7da93d859f1aa8722e70.
Revert "debug the hang"
This reverts commit 00338f0d49a7918224822087b4510fa9db0686c3.
Revert "test: disable navigator.serial tests on arm64 mac"
This reverts commit fb515ce447a9d42185e84b17b460e4fb6d1bf71d.
Reapply "test: disable navigator.serial tests on arm64 mac"
This reverts commit 0e5608108ffebbe8b8b27af9ea06aadae2ea85dd.
Reapply "test: disable navigator.bluetooth on arm64 mac"
This reverts commit f4c7d3fc0624a22421cba5d3d75df8c5d4367eea.
fixup
* test: add waitUntil for flaky test
* build: Add platform-specific if conditions to the source sets in chromium_src.
* build: Add platform-specific if conditions to the source sets in chromium_src.
* build: cleanup symlinks in cache
* build: ignore broken links
* try --ignore-failed-read
* build: dont deref symlinks
* build: add flag to 7zip to resolve symlink error
Needed to ignore Dangerous symbolic link path was ignored errors
* Revert "build: cleanup symlinks in cache"
This reverts commit 69e53cdc88.
* build: reenable v8_enable_temporal_support
* ci: test with increased vm map count
* chore: backport PA use fewer vmas by default on linux
* chore: update patches
* Revert "ci: test with increased vm map count"
This reverts commit b626c9a5ab7ad3f01e17d77c330abfd8096a8b02.
* ci: remove logs
---------
Co-authored-by: patchup[bot] <73610968+patchup[bot]@users.noreply.github.com>
* perf: replace string temporary with string_view in GetXdgAppId()
* perf: replace string temporary with string_view in ToV8(WindowOpenDisposition)
* perf: replace string temporary with string_view in ToV8(electron::api::WebContents::Type)
fix: window.open popups are always resizable
Closes https://github.com/electron/electron/issues/43591.
Per current WHATWG spec, the `window.open` API should always
create a resizable popup window. This change updates the
`parseFeaturesString` function to ensure that windows opened
with `window.open` are always resizable, regardless of the
`resizable` feature string.
* refactor: extract-constant for registry key in GetProcessExecPath()
* refactor: extract-constant for registry key in Browser::SetLoginItemSettings()
* refactor: extract-constant for registry key in Browser::SetLoginItemSettings()
* refactor: extract-constant for registry key in Browser::GetLoginItemSettings()
* chore: document the symbolic constants
* refactor: prefer base::wcstring_view::c_str() to data() to make zero-termination clearer
* refactor: local functions GetPrivate(), SetPrivate() now take std::string_views
* refactor: make local keys std::string_views instead of C-style char arrays
* refactor: make local keys constexpr
* refactor: move local keys into local anonymous namespace
description:What is the last version of Electron this worked in, if applicable?
placeholder:16.0.0
- type:dropdown
attributes:
label:Does the issue also appear in Chromium / Google Chrome?
description:If it does, please report the issue in the [Chromium issue tracker](https://issues.chromium.org/issues), not against Electron. Electron will inherit the fix once Chromium resolves the issue.
printf "<!-- no-dependency-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-
This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
close-issue-message:>
This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
@@ -39,7 +39,7 @@ Each Electron release provides binaries for macOS, Windows, and Linux.
* macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
* Windows (Windows 10 and up): Electron provides `ia32` (`x86`), `x64` (`amd64`), and `arm64` binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was [removed in Electron 23, in line with Chromium's Windows deprecation policy](https://www.electronjs.org/blog/windows-7-to-8-1-deprecation-notice).
* Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
* Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
@@ -8,6 +8,12 @@ The Electron team will send a response indicating the next steps in handling you
Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [npm contact form](https://www.npmjs.com/support) by selecting "I'm reporting a security vulnerability".
## Escalation
If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at `security@lists.openjsf.org`.
If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.
## The Electron Security Notification Process
For context on Electron's security notification process, please see the [Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md#notifications) section of the Security WG's [Membership and Notifications](https://github.com/electron/governance/blob/main/wg-security/membership-and-notifications.md) Governance document.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.gni;drc=c220a41e0422d45f1657c28146d32e99cc53640b
# The notable difference is it has an option to compress the debug sections
import("//build/config/clang/clang.gni")
import("//build/toolchain/toolchain.gni")
# Extracts symbols from a binary into a symbol file.
#
# Args:
# binary_input: Path to the binary containing symbols to extract, e.g.:
# "$root_out_dir/chrome"
# symbol_output: Desired output file for symbols, e.g.:
# "$root_out_dir/chrome.debug"
# stripped_binary_output: Desired output file for stripped file, e.g.:
# "$root_out_dir/chrome.stripped"
# compress_debug_sections: If true, compress the extracted debug sections
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# This has been adapted from https://source.chromium.org/chromium/chromium/src/+/main:build/linux/strip_binary.py;drc=c220a41e0422d45f1657c28146d32e99cc53640b
# The notable difference is it has an option to compress the debug sections
importargparse
importsubprocess
importsys
defmain()->int:
parser=argparse.ArgumentParser(description="Strip binary using LLVM tools.")
*`launch-failed` - Process never successfully launched
*`integrity-failure` - Windows code integrity checks failed
*`memory-eviction` - Process proactively terminated to prevent a future out-of-memory (OOM) situation
*`exitCode` number - The exit code for the process
(e.g. status from waitpid if on POSIX, from GetExitCodeProcess on Windows).
*`serviceName` string (optional) - The non-localized name of the process.
@@ -1214,6 +1215,13 @@ Disables hardware acceleration for current app.
This method can only be called before app is ready.
### `app.isHardwareAccelerationEnabled()`
Returns `boolean` - whether hardware acceleration is currently disabled.
> [!NOTE]
> This information is only usable after the `gpu-info-update` event is emitted.
### `app.disableDomainBlockingFor3DAPIs()`
By default, Chromium disables 3D APIs (e.g. WebGL) until restart on a per
@@ -1397,7 +1405,75 @@ details. Disabled by default.
This API must be called after the `ready` event is emitted.
> [!NOTE]
> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default.
> Rendering accessibility tree can significantly affect the performance of your app. It should not be enabled by default. Calling this method will enable the following accessibility support features: `nativeAPIs`, `webContents`, `inlineTextBoxes`, and `extendedProperties`.
@@ -1262,15 +1262,16 @@ Sets the properties for the window's taskbar button.
#### `win.setAccentColor(accentColor)` _Windows_
* `accentColor` boolean | string - The accent color for the window. By default, follows user preference in System Settings.
* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
Sets the system accent color and highlighting of active window border.
The `accentColor` parameter accepts the following values:
* **Color string** - Sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Uses the system's default accent color from user preferences in System Settings.
* **`false`** - Explicitly disables accent color highlighting for the window.
* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
@@ -1442,15 +1442,16 @@ Sets the properties for the window's taskbar button.
#### `win.setAccentColor(accentColor)` _Windows_
* `accentColor` boolean | string - The accent color for the window. By default, follows user preference in System Settings.
* `accentColor` boolean | string | null - The accent color for the window. By default, follows user preference in System Settings. To reset to system default, pass `null`.
Sets the system accent color and highlighting of active window border.
The `accentColor` parameter accepts the following values:
* **Color string** - Sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Uses the system's default accent color from user preferences in System Settings.
* **`false`** - Explicitly disables accent color highlighting for the window.
* **Color string** - Like `true`, but sets a custom accent color using standard CSS color formats (Hex, RGB, RGBA, HSL, HSLA, or named colors). Alpha values in RGBA/HSLA formats are ignored and the color is treated as fully opaque.
* **`true`** - Enable accent color highlighting for the window with the system accent color regardless of whether accent colors are enabled for windows in System `Settings.`
* **`false`** - Disable accent color highlighting for the window regardless of whether accent colors are currently enabled for windows in System Settings.
* **`null`** - Reset window accent color behavior to follow behavior set in System Settings.
// Enable accent color, using the color specified in System Settings.
win.setAccentColor(true)
// Disable accent color.
win.setAccentColor(false)
// Reset window accent color behavior to follow behavior set in System Settings.
win.setAccentColor(null)
```
#### `win.getAccentColor()` _Windows_
@@ -1570,11 +1574,18 @@ events.
Prevents the window contents from being captured by other apps.
On macOS it sets the NSWindow's [`sharingType`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.property?language=objc) to [`NSWindowSharingNone`](https://developer.apple.com/documentation/appkit/nswindow/sharingtype-swift.enum/none?language=objc).
On Windows it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
On Windows, it calls [`SetWindowDisplayAffinity`](https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setwindowdisplayaffinity) with `WDA_EXCLUDEFROMCAPTURE`.
For Windows 10 version 2004 and up the window will be removed from capture entirely,
older Windows versions behave as if `WDA_MONITOR` is applied capturing a black window.
@@ -86,7 +86,7 @@ Field trials to be forcefully enabled or disabled.
For example: `WebRTC-Audio-Red-For-Opus/Enabled/`
### --host-rules=`rules`
### --host-rules=`rules` _Deprecated_
A comma-separated list of `rules` that control how hostnames are mapped.
@@ -104,9 +104,23 @@ These mappings apply to the endpoint host in a net request (the TCP connect
and host resolver in a direct connection, and the `CONNECT` in an HTTP proxy
connection, and the endpoint host in a `SOCKS` proxy connection).
**Deprecated:** Use the `--host-resolver-rules` switch instead.
### --host-resolver-rules=`rules`
Like `--host-rules` but these `rules` only apply to the host resolver.
A comma-separated list of `rules` that control how hostnames are mapped.
For example:
* `MAP * 127.0.0.1` Forces all hostnames to be mapped to 127.0.0.1
* `MAP *.google.com proxy` Forces all google.com subdomains to be resolved to
"proxy".
* `MAP test.com [::1]:77` Forces "test.com" to resolve to IPv6 loopback. Will
also force the port of the resulting socket address to be 77.
* `MAP * baz, EXCLUDE www.google.com` Remaps everything to "baz", except for
"www.google.com".
These `rules` only apply to the host resolver.
### --ignore-certificate-errors
@@ -179,6 +193,11 @@ Disables the Chromium [sandbox](https://www.chromium.org/developers/design-docum
Forces renderer process and Chromium helper processes to run un-sandboxed.
Should only be used for testing.
### --no-stdio-init
Disable stdio initialization during node initialization.
Used to avoid node initialization crash when the nul device is disabled on Windows platform.
### --proxy-bypass-list=`hosts`
Instructs Electron to bypass the proxy server for the given semi-colon-separated
@@ -331,6 +350,22 @@ Affects the default output directory of [v8.setHeapSnapshotNearHeapLimit](https:
Disable exposition of [Navigator API][] on the global scope from Node.js.
## Chromium Flags
There isn't a documented list of all Chromium switches, but there are a few ways to find them.
The easiest way is through Chromium's flags page, which you can access at `about://flags`. These flags don't directly match switch names, but they show up in the process's command-line arguments.
To see these arguments, enable a flag in `about://flags`, then go to `about://version` in Chromium. You'll find a list of command-line arguments, including `--flag-switches-begin --your --list --flag-switches-end`, which contains the list of your flag enabled switches.
Most flags are included as part of `--enable-features=`, but some are standalone switches, like `--enable-experimental-web-platform-features`.
A complete list of flags exists in [Chromium's flag metadata page](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/flag-metadata.json), but this list includes platform, environment and GPU specific, expired and potentially non-functional flags, so many of them might not always work in every situation.
Keep in mind that standalone switches can sometimes be split into individual features, so there's no fully complete list of switches.
Finally, you'll need to ensure that the version of Chromium in Electron matches the version of the browser you're using to cross-reference the switches.
@@ -102,6 +102,10 @@ Returns `Promise<DesktopCapturerSource[]>` - Resolves with an array of [`Desktop
## Caveats
`desktopCapturer.getSources(options)` only returns a single source on Linux when using Pipewire.
PipeWire supports a single capture for both screens and windows. If you request the window and screen type, the selected source will be returned as a window capture.
`navigator.mediaDevices.getUserMedia` does not work on macOS for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a [signed kernel extension](https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/KernelExtensions/KernelExtensions.html). Chromium, and by extension Electron, does not provide this.
It is possible to circumvent this limitation by capturing system audio with another macOS app like Soundflower and passing it through a virtual audio input device. This virtual device can then be queried with `navigator.mediaDevices.getUserMedia`.
* `top-level-storage-access` - Allow top-level sites to request third-party cookie access on behalf of embedded content originating from another site in the same related website set using the [Storage Access API](https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API).
* `usb` - Expose non-standard Universal Serial Bus (USB) compatible devices services to the web with the [WebUSB API](https://developer.mozilla.org/en-US/docs/Web/API/WebUSB_API).
* `deprecated-sync-clipboard-read` _Deprecated_ - Request access to run `document.execCommand("paste")`
* `fileSystem` - Access to read, write, and file management capabilities using the [File System API](https://developer.mozilla.org/en-US/docs/Web/API/File_System_API).
* `requestingOrigin` string - The origin URL of the permission check
* `details` Object - Some properties are only available on certain permission types.
* `embeddingOrigin` string (optional) - The origin of the frame embedding the frame that made the permission check. Only set for cross-origin sub frames making permission checks.
* `securityOrigin` string (optional) - The security origin of the `media` check.
* `mediaType` string (optional) - The type of media access being requested, can be `video`,
`audio` or `unknown`
`audio` or `unknown`.
* `requestingUrl` string (optional) - The last URL the requesting frame loaded. This is not provided for cross-origin sub frames making permission checks.
* `isMainFrame` boolean - Whether the frame making the request is the main frame
* `isMainFrame` boolean - Whether the frame making the request is the main frame.
* `filePath` string (optional) - The path of a `fileSystem` request.
* `isDirectory` boolean (optional) - Whether a `fileSystem` request is a directory.
* `fileAccessType` string (optional) - The access type of a `fileSystem` request. Can be `writable` or `readable`.
Sets the handler which can be used to respond to permission checks for the `session`.
Returning `true` will allow the permission and `false` will reject it. Please note that
*`widgetType` string - The widget type of the texture. Can be `popup` or `frame`.
*`pixelFormat` string - The pixel format of the texture. Can be `rgba` or `bgra`.
*`pixelFormat` string - The pixel format of the texture.
*`rgba` - The texture format is 8-bit unorm RGBA.
*`bgra` - The texture format is 8-bit unorm BGRA.
*`rgbaf16` - The texture format is 16-bit float RGBA.
*`codedSize` [Size](size.md) - The full dimensions of the video frame.
*`visibleRect` [Rectangle](rectangle.md) - A subsection of [0, 0, codedSize.width(), codedSize.height()]. In OSR case, it is expected to have the full section area.
*`colorSpace` [ColorSpace](color-space.md) - The color space of the video frame.
*`visibleRect` [Rectangle](rectangle.md) - A subsection of [0, 0, codedSize.width, codedSize.height]. In OSR case, it is expected to have the full section area.
*`contentRect` [Rectangle](rectangle.md) - The region of the video frame that capturer would like to populate. In OSR case, it is the same with `dirtyRect` that needs to be painted.
*`timestamp` number - The time in microseconds since the capture start.
*`metadata` Object - Extra metadata. See comments in src\media\base\video_frame_metadata.h for accurate details.
@@ -12,13 +16,6 @@
*`regionCaptureRect` [Rectangle](rectangle.md) (optional) - May reflect the frame's contents origin if region capture is used internally.
*`sourceSize` [Rectangle](rectangle.md) (optional) - Full size of the source frame.
*`frameCount` number (optional) - The increasing count of captured frame. May contain gaps if frames are dropped between two consecutively received frames.
*`sharedTextureHandle` Buffer _Windows__macOS_ - The handle to the shared texture.
*`planes` Object[] _Linux_ - Each plane's info of the shared texture.
*`stride` number - The strides and offsets in bytes to be used when accessing the buffers via a memory mapping. One per plane per entry.
*`offset` number - The strides and offsets in bytes to be used when accessing the buffers via a memory mapping. One per plane per entry.
*`size` number - Size in bytes of the plane. This is necessary to map the buffers.
*`fd` number - File descriptor for the underlying memory object (usually dmabuf).
*`modifier` string _Linux_ - The modifier is retrieved from GBM library and passed to EGL driver.
*`handle` [SharedTextureHandle](shared-texture-handle.md) - The shared texture handle data.
*`release` Function - Release the resources. The `texture` cannot be directly passed to another process, users need to maintain texture lifecycles in
main process, but it is safe to pass the `textureInfo` to another process. Only a limited number of textures can exist at the same time, so it's important
that you call `texture.release()` as soon as you're done with the texture.
main process, but it is safe to pass the `textureInfo` to another process. Only a limited number of textures can exist at the same time, so it's important that you call `texture.release()` as soon as you're done with the texture.
*`configuration` Object (optional) - A [USBConfiguration](https://developer.mozilla.org/en-US/docs/Web/API/USBConfiguration) object containing information about the currently selected configuration of a USB device.
*`configurationValue` Integer - the configuration value of this configuration.
*`configurationName` string - the name provided by the device to describe this configuration.
*`interfaces` Object[] - An array of [USBInterface](https://developer.mozilla.org/en-US/docs/Web/API/USBInterface) objects containing information about an interface provided by the USB device.
*`interfaceNumber` Integer - the interface number of this interface.
*`alternate` Object - the currently selected alternative configuration of this interface.
*`alternateSetting` Integer - the alternate setting number of this interface.
*`interfaceClass` Integer - the class of this interface. See [USB.org](https://www.usb.org/defined-class-codes) for class code descriptions.
*`interfaceSubclass` Integer - the subclass of this interface.
*`interfaceProtocol` Integer - the protocol supported by this interface.
*`interfaceName` string (optional) - the name of the interface, if one is provided by the device.
*`endpoints` Object[] - an array containing instances of the [USBEndpoint interface](https://developer.mozilla.org/en-US/docs/Web/API/USBEndpoint) describing each of the endpoints that are part of this interface.
*`endpointNumber` Integer - this endpoint's "endpoint number" which is a value from 1 to 15.
*`direction` string - the direction in which this endpoint transfers data - can be either 'in' or 'out'.
*`type` string - the type of this endpoint - can be either 'bulk', 'interrupt', or 'isochronous'.
*`packetSize` Integer - the size of the packets that data sent through this endpoint will be divided into.
*`alternates` Object[] - an array containing instances of the [USBAlternateInterface](https://developer.mozilla.org/en-US/docs/Web/API/USBAlternateInterface) interface describing each of the alternative configurations possible for this interface.
*`configurations` Object[] - An array of [USBConfiguration](https://developer.mozilla.org/en-US/docs/Web/API/USBConfiguration) interfaces for controlling a paired USB device.
*`deviceClass` Integer - The device class for the communication interface supported by the device.
*`deviceId` string - Unique identifier for the device.
*`vendorId` Integer - The USB vendor ID.
*`productId` Integer - The USB product ID.
*`productName` string (optional) - Name of the device.
*`serialNumber` string (optional) - The USB device serial number.
*`manufacturerName` string (optional) - The manufacturer name of the device.
*`usbVersionMajor` Integer - The USB protocol major version supported by the device
*`usbVersionMinor` Integer - The USB protocol minor version supported by the device
*`usbVersionSubminor` Integer - The USB protocol subminor version supported by the device
*`deviceClass` Integer - The device class for the communication interface supported by the device
*`deviceSubclass` Integer - The device subclass for the communication interface supported by the device
*`deviceProtocol` Integer - The device protocol for the communication interface supported by the device
*`deviceProtocol` Integer - The device protocol for the communication interface supported by the device.
*`deviceSubclass` Integer - The device subclass for the communication interface supported by the device.
*`deviceVersionMajor` Integer - The major version number of the device as defined by the device manufacturer.
*`deviceVersionMinor` Integer - The minor version number of the device as defined by the device manufacturer.
*`deviceVersionSubminor` Integer - The subminor version number of the device as defined by the device manufacturer.
*`manufacturerName` string (optional) - The manufacturer name of the device.
*`productId` Integer - The USB product ID.
*`productName` string (optional) - Name of the device.
*`serialNumber` string (optional) - The USB device serial number.
*`usbVersionMajor` Integer - The USB protocol major version supported by the device.
*`usbVersionMinor` Integer - The USB protocol minor version supported by the device.
*`usbVersionSubminor` Integer - The USB protocol subminor version supported by the device.
associated with the window, making it compatible with the Chromium
OS-level sandbox and disabling the Node.js engine. This is not the same as
the `nodeIntegration` option and the APIs available to the preload script
are more limited. Read more about the option [here](../../tutorial/sandbox.md).
are more limited. Default is `true` since Electron 20. The sandbox will
automatically be disabled when `nodeIntegration` is set to `true`.
Read more about the option [here](../../tutorial/sandbox.md).
*`session` [Session](../session.md#class-session) (optional) - Sets the session used by the
page. Instead of passing the Session object directly, you can also choose to
use the `partition` option instead, which accepts a partition string. When
@@ -87,6 +89,11 @@
paint event. Defaults to `false`. See the
[offscreen rendering tutorial](../../tutorial/offscreen-rendering.md) for
more details.
*`sharedTexturePixelFormat` string (optional) _Experimental_ - The requested output format of the shared texture. Defaults to `argb`.
The name is originated from Chromium [`media::VideoPixelFormat`](https://source.chromium.org/chromium/chromium/src/+/main:media/base/video_types.h) enum suffix and only subset of them are supported.
The actual output pixel format and color space of the texture should refer to [`OffscreenSharedTexture`](../structures/offscreen-shared-texture.md) object in the `paint` event.
*`argb` - The requested output texture format is 8-bit unorm RGBA, with SRGB SDR color space.
*`rgbaf16` - The requested output texture format is 16-bit float RGBA, with scRGB HDR color space.
*`contextIsolation` boolean (optional) - Whether to run Electron APIs and
the specified `preload` script in a separate JavaScript context. Defaults
to `true`. The context that the `preload` script runs in will only have
@@ -12,13 +12,50 @@ This document uses the following convention to categorize breaking changes:
* **Deprecated:** An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
* **Removed:** An API or feature was removed, and is no longer supported by Electron.
## Planned Breaking API Changes (39.0)
### Deprecated: `--host-rules` command line switch
Chromium is deprecating the `--host-rules` switch.
You should use `--host-resolver-rules` instead.
### Behavior Changed: window.open popups are always resizable
Per current [WHATWG spec](https://html.spec.whatwg.org/multipage/nav-history-apis.html#dom-open-dev), the `window.open` API will now always create a resizable popup window.
@@ -32,7 +32,7 @@ This table gives a general overview of where ESM is supported and which ESM load
| Main | Node.js | N/A | <ul><li> [You must use `await` generously before the app's `ready` event](#you-must-use-await-generously-before-the-apps-ready-event) </li></ul> |
| Renderer (Unsandboxed & Context Isolated) | Chromium | Node.js | <ul><li> [Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content) </li> <li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li></ul> |
| Renderer (Unsandboxed & Non Context Isolated) | Chromium | Node.js | <ul><li>[Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content)</li><li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li><li>[ESM preload scripts must be context isolated to use dynamic Node.js ESM imports](#esm-preload-scripts-must-be-context-isolated-to-use-dynamic-nodejs-esm-imports)</li></ul> |
| Renderer (Unsandboxed & Non Context Isolated) | Chromium | Node.js | <ul><li>[Unsandboxed ESM preload scripts will run after page load on pages with no content](#unsandboxed-esm-preload-scripts-will-run-after-page-load-on-pages-with-no-content)</li><li>[ESM Preload Scripts must have the `.mjs` extension](#esm-preload-scripts-must-have-the-mjs-extension)</li></ul> |
For a subset of Electron functionality it makes sense to disable certain features for an entire application. For example, 99% of apps don't make use of `ELECTRON_RUN_AS_NODE`, these applications want to be able to ship a binary that is incapable of using that feature. We also don't want Electron consumers building Electron from source as that is both a massive technical challenge and has a high cost of both time and money.
From a security perspective, it makes sense to disable certain unused Electron features
that are powerful but may make your app's security posture weaker. For example, any app that doesn't
use the `ELECTRON_RUN_AS_NODE` environment variable would want to disable the feature to prevent a
subset of "living off the land" attacks.
Fuses are the solution to this problem, at a high level they are "magic bits" in the Electron binary that can be flipped when packaging your Electron app to enable / disable certain features / restrictions. Because they are flipped at package time before you code sign your app the OS becomes responsible for ensuring those bits aren't flipped back via OS level code signing validation (Gatekeeper / App Locker).
We also don't want Electron consumers forking to achieve this goal, as building from source and
maintaining a fork is a massive technical challenge and costs a lot of time and money.
## Current Fuses
Fuses are the solution to this problem. At a high level, they are "magic bits" in the Electron binary
that can be flipped when packaging your Electron app to enable or disable certain features/restrictions.
Because they are flipped at package time before you code sign your app, the OS becomes responsible
for ensuring those bits aren't flipped back via OS-level code signing validation
(e.g. [Gatekeeper](https://support.apple.com/en-ca/guide/security/sec5599b66df/web) on macOS or
@@ -16,7 +29,11 @@ Fuses are the solution to this problem, at a high level they are "magic bits" in
**@electron/fuses:** `FuseV1Options.RunAsNode`
The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not. Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environmentvariable to function. Instead, we recommend that you use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a standalone Node.js process (like a Sqlite server process or similar scenarios).
The `runAsNode` fuse toggles whether the [`ELECTRON_RUN_AS_NODE`](../api/environment-variables.md)
environment variable is respected or not. With this fuse disabled, [`child_process.fork`](https://nodejs.org/api/child_process.html#child_processforkmodulepath-args-options) in the main process will not function
as expected, as it depends on this environment variable to function. Instead, we recommend that you
use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a
standalone Node.js process (e.g. a SQLite server process).
### `cookieEncryption`
@@ -24,7 +41,12 @@ The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variab
The cookieEncryption fuse toggles whether the cookie store on disk is encrypted using OS level cryptography keys. By default the sqlite database that Chromium uses to store cookies stores the values in plaintext. If you wish to ensure your apps cookies are encrypted in the same way Chrome does then you should enable this fuse. Please note it is a one-way transition, if you enable this fuse existing unencrypted cookies will be encrypted-on-write but if you then disable the fuse again your cookie store will effectively be corrupt and useless. Most apps can safely enable this fuse.
The `cookieEncryption` fuse toggles whether the cookie store on disk is encrypted using OS level
cryptography keys. By default, the SQLite database that Chromium uses to store cookies stores the
values in plaintext. If you wish to ensure your app's cookies are encrypted in the same way Chrome
does, then you should enable this fuse. Please note it is a one-way transition—if you enable this
fuse, existing unencrypted cookies will be encrypted-on-write, but subsequently disabling the fuse
later will make your cookie store corrupt and useless. Most apps can safely enable this fuse.
### `nodeOptions`
@@ -32,7 +54,11 @@ The cookieEncryption fuse toggles whether the cookie store on disk is encrypted
The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions) and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile) environment variables are respected. The `NODE_OPTIONS` environment variable can be used to pass all kinds of custom options to the Node.js runtime and isn't typically used by apps in production. Most apps can safely disable this fuse.
The `nodeOptions` fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions)
and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile)
environment variables are respected. The `NODE_OPTIONS` environment variable can be used to pass all
kinds of custom options to the Node.js runtime and isn't typically used by apps in production.
Most apps can safely disable this fuse.
### `nodeCliInspect`
@@ -40,7 +66,9 @@ The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api
The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected or not. When disabled it also ensures that `SIGUSR1` signal does not initialize the main process inspector. Most apps can safely disable this fuse.
The `nodeCliInspect` fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected
or not. When disabled, it also ensures that `SIGUSR1` signal does not initialize the main process
inspector. Most apps can safely disable this fuse.
### `embeddedAsarIntegrityValidation`
@@ -48,9 +76,12 @@ The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. f
The embeddedAsarIntegrityValidation fuse toggles an experimental feature on macOS and Windows that validates the content of the `app.asar` file when it is loaded. This feature is designed to have a minimal performance impact but may marginally slow down file reads from inside the `app.asar` archive.
The `embeddedAsarIntegrityValidation` fuse toggles a feature on macOS and Windows that validates the
content of the `app.asar` file when it is loaded. This feature is designed to have a minimal
performance impact but may marginally slow down file reads from inside the `app.asar` archive.
Most apps can safely enable this fuse.
For more information on how to use asar integrity validation please read the [Asar Integrity](asar-integrity.md) documentation.
For more information on how to use ASAR integrity validation, please read the [Asar Integrity](asar-integrity.md) documentation.
### `onlyLoadAppFromAsar`
@@ -58,7 +89,15 @@ For more information on how to use asar integrity validation please read the [As
The onlyLoadAppFromAsar fuse changes the search system that Electron uses to locate your app code. By default Electron will search in the following order `app.asar` -> `app` -> `default_app.asar`. When this fuse is enabled the search order becomes a single entry `app.asar` thus ensuring that when combined with the `embeddedAsarIntegrityValidation` fuse it is impossible to load non-validated code.
The `onlyLoadAppFromAsar` fuse changes the search system that Electron uses to locate your app code.
By default, Electron will search for this code in the following order:
1.`app.asar`
1.`app`
1.`default_app.asar`
When this fuse is enabled, Electron will _only_ search for `app.asar`. When combined with the [`embeddedAsarIntegrityValidation`](#embeddedasarintegrityvalidation) fuse, this fuse ensures that
it is impossible to load non-validated code.
### `loadBrowserProcessSpecificV8Snapshot`
@@ -66,11 +105,17 @@ The onlyLoadAppFromAsar fuse changes the search system that Electron uses to loc
The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is used for the browser process. By default Electron's processes will all use the same V8 snapshot file. When this fuse is enabled the browser process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot. The other processes will use the V8 snapshot file that they normally do.
V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of
initialized heaps and then load them back in to avoid the cost of initializing the heap.
V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of initialized heaps and then load them back in to avoid the cost of initializing the heap.
The `loadBrowserProcessSpecificV8Snapshot` fuse changes which V8 snapshot file is used for the browser
process. By default, Electron's processes will all use the same V8 snapshot file. When this fuse is
enabled, the main process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot.
Other processes will use the V8 snapshot file that they normally do.
Using separate snapshots for renderer processes and the main process can improve security, especially to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled. See [#35170](https://github.com/electron/electron/issues/35170) for details.
Using separate snapshots for renderer processes and the main process can improve security, especially
to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled.
See [electron/electron#35170](https://github.com/electron/electron/issues/35170) for details.
### `grantFileProtocolExtraPrivileges`
@@ -78,19 +123,25 @@ Using separate snapshots for renderer processes and the main process can improve
The grantFileProtocolExtraPrivileges fuse changes whether pages loaded from the `file://` protocol are given privileges beyond what they would receive in a traditional web browser. This behavior was core to Electron apps in original versions of Electron but is no longer required as apps should be [serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead. If you aren't serving pages from `file://` you should disable this fuse.
The `grantFileProtocolExtraPrivileges` fuse changes whether pages loaded from the `file://` protocol
are given privileges beyond what they would receive in a traditional web browser. This behavior was
core to Electron apps in original versions of Electron, but is no longer required as apps should be
[serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.
If you aren't serving pages from `file://`, you should disable this fuse.
The extra privileges granted to the `file://` protocol by this fuse are incompletely documented below:
*`file://` protocol pages can use `fetch` to load other assets over `file://`
*`file://` protocol pages can use service workers
*`file://` protocol pages have universal access granted to child frames also running on `file://` protocols regardless of sandbox settings
*`file://` protocol pages have universal access granted to child frames also running on `file://`
protocols regardless of sandbox settings
## How do I flip the fuses?
## How do I flip fuses?
### The easy way
We've made a handy module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make flipping these fuses easy. Check out the README of that module for more details on usage and potential error cases.
[`@electron/fuses`](https://npmjs.com/package/@electron/fuses) is a JavaScript utility designed to make flipping these fuses easy. Check out the README of that module for more details on usage and potential error cases.
> * **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
> * **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
> * **Fuse Schema**: The format/allowed values for the fuse wire
* **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
* **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
* **Fuse Schema**: The format / allowed values for the fuse wire
Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the
sequence of bytes that represent the state of the fuses you want.
Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the sequence of bytes that represent the state of the fuses you want.
Somewhere in the Electron binary there will be a sequence of bytes that look like this:
Somewhere in the Electron binary, there will be a sequence of bytes that look like this:
Online and offline event detection can be implemented in both the main and renderer processes:
- **Renderer process**: Use the [`navigator.onLine`](http://html5index.org/Offline%20-%20NavigatorOnLine.html) attribute and [online/offline events](https://developer.mozilla.org/en-US/docs/Online_and_offline_events), part of standard HTML5 API.
- **Main process**: Use the [`net.isOnline()`](../api/net.md#netisonline) method or the [`net.online`](../api/net.md#netonline-readonly) property.
The `navigator.onLine` attribute returns:
*`false` if all network requests are guaranteed to fail (e.g. when disconnected from the network).
*`true` in all other cases.
-`false` if all network requests are guaranteed to fail (e.g. when disconnected from the network).
-`true` in all other cases.
Since many cases return `true`, you should treat with care situations of
getting false positives, as we cannot always assume that `true` value means
@@ -19,7 +19,27 @@ is running a virtualization software that has virtual Ethernet adapters in "alwa
connected" state. Therefore, if you want to determine the Internet access
status of Electron, you should develop additional means for this check.
## Example
## Main Process Detection
In the main process, you can use the `net` module to detect online/offline status:
```js
const{net}=require('electron')
// Method 1: Using net.isOnline()
constisOnline=net.isOnline()
console.log('Online status:',isOnline)
// Method 2: Using net.online property
console.log('Online status:',net.online)
```
Both `net.isOnline()` and `net.online` return the same boolean value with the same reliability characteristics as `navigator.onLine` - they provide a strong indicator when offline (`false`), but a `true` value doesn't guarantee successful internet connectivity.
> [!NOTE]
> The `net` module is only available after the app emits the `ready` event.
## Renderer Process Example
Starting with an HTML file `index.html`, this example will demonstrate how the `navigator.onLine` API can be used to build a connection status indicator.
@@ -84,4 +104,4 @@ After launching the Electron application, you should see the notification:
> If you need to communicate the connection status to the main process, use the [IPC renderer](../api/ipc-renderer.md) API.
> If you need to check the connection status in the main process, you can use [`net.isOnline()`](../api/net.md#netisonline) directly instead of communicating from the renderer process via [IPC](../api/ipc-renderer.md).
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
