fix: auth required websocket crash (#48541)

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

.github/actions/build-electron/action.yml

@@ -63,6 +63,13 @@ runs:
         NINJA_SUMMARIZE_BUILD=1 e build
         cp out/Default/.ninja_log out/electron_ninja_log
         node electron/script/check-symlinks.js
+
+        # Upload build stats to Datadog
+        if ! [ -z $DD_API_KEY ]; then
+          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true
+        else
+          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
+        fi
     - name: Build Electron dist.zip ${{ inputs.step-suffix }}
       shell: bash
       run: |

.github/workflows/pipeline-segment-electron-build.yml

@@ -66,6 +66,7 @@ concurrency:
 env:
   CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
   CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
+  DD_API_KEY: ${{ secrets.DD_API_KEY }}
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
   SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
@@ -84,6 +85,7 @@ jobs:
     environment: ${{ inputs.environment }}
     env:
       TARGET_ARCH: ${{ inputs.target-arch }}
+      TARGET_PLATFORM: ${{ inputs.target-platform }}
     steps:
     - name: Create src dir
       run: |

docs/glossary.md

@@ -12,6 +12,15 @@ The ASAR format was created primarily to improve performance on Windows when
 reading large quantities of small files (e.g. when loading your app's JavaScript
 dependency tree from `node_modules`).
 
+### ASAR integrity
+
+ASAR integrity is an security feature that validates the contents of your app's
+ASAR archives at runtime. When enabled, your Electron app will verify the
+header hash of its ASAR archive on runtime. If no hash is present or if there is a mismatch in the
+hashes, the app will forcefully terminate.
+
+See the [ASAR Integrity](./tutorial/asar-integrity.md) guide for more details.
+
 ### code signing
 
 Code signing is a process where an app developer digitally signs their code to

docs/tutorial/asar-integrity.md

@@ -5,7 +5,7 @@ slug: asar-integrity
 hide_title: false
 ---
 
-ASAR integrity is an experimental feature that validates the contents of your app's
+ASAR integrity is a security feature that validates the contents of your app's
 [ASAR archives](./asar-archives.md) at runtime.
 
 ## Version support
@@ -77,7 +77,7 @@ on package time. The process of providing this packaged hash is different for ma
 ### Using Electron tooling
 
 Electron Forge and Electron Packager do this setup automatically for you with no additional
-configuration. The minimum required versions for ASAR integrity are:
+configuration whenever `asar` is enabled. The minimum required versions for ASAR integrity are:
 
 * `@electron/packager@18.3.1`
 * `@electron/forge@7.4.0`

docs/tutorial/code-signing.md

@@ -233,10 +233,10 @@ can find [its documentation here](https://www.electron.build/code-signing).
 [Azure Trusted Signing][] is Microsoft's modern cloud-based alternative to EV certificates.
 It is the cheapest option for code signing on Windows, and it gets rid of SmartScreen warnings.
 
-As of May 2025, Azure Trusted Signing is [available][trusted-signing-availability] to US and
-Canada-based organizations with 3+ years of verifiable business history. Microsoft is looking
-to make the program more widely available. If you're reading this at a later point, it could
-make sense to check if the eligibility criteria have changed.
+As of October 2025, Azure Trusted Signing is available to US and Canada-based organizations
+with 3+ years of verifiable business history and to individual developers in the US and Canada.
+Microsoft is looking to make the program more widely available. If you're reading this at a
+later point, it could make sense to check if the eligibility criteria have changed.
 
 #### Using Electron Forge
 
@@ -267,6 +267,5 @@ See the [Windows Store Guide][].
 [maker-squirrel]: https://www.electronforge.io/config/makers/squirrel.windows
 [maker-msi]: https://www.electronforge.io/config/makers/wix-msi
 [azure trusted signing]: https://azure.microsoft.com/en-us/products/trusted-signing
-[trusted-signing-availability]: https://techcommunity.microsoft.com/blog/microsoft-security-blog/trusted-signing-public-preview-update/4399713
 [forge-trusted-signing]: https://www.electronforge.io/guides/code-signing/code-signing-windows#using-azure-trusted-signing
 [builder-trusted-signing]: https://www.electron.build/code-signing-win#using-azure-trusted-signing-beta

docs/tutorial/fuses.md

@@ -4,11 +4,24 @@
 
 ## What are fuses?
 
-For a subset of Electron functionality it makes sense to disable certain features for an entire application.  For example, 99% of apps don't make use of `ELECTRON_RUN_AS_NODE`, these applications want to be able to ship a binary that is incapable of using that feature.  We also don't want Electron consumers building Electron from source as that is both a massive technical challenge and has a high cost of both time and money.
+From a security perspective, it makes sense to disable certain unused Electron features
+that are powerful but may make your app's security posture weaker. For example, any app that doesn't
+use the `ELECTRON_RUN_AS_NODE` environment variable would want to disable the feature to prevent a
+subset of "living off the land" attacks.
 
-Fuses are the solution to this problem, at a high level they are "magic bits" in the Electron binary that can be flipped when packaging your Electron app to enable / disable certain features / restrictions.  Because they are flipped at package time before you code sign your app the OS becomes responsible for ensuring those bits aren't flipped back via OS level code signing validation (Gatekeeper / App Locker).
+We also don't want Electron consumers forking to achieve this goal, as building from source and
+maintaining a fork is a massive technical challenge and costs a lot of time and money.
 
-## Current Fuses
+Fuses are the solution to this problem. At a high level, they are "magic bits" in the Electron binary
+that can be flipped when packaging your Electron app to enable or disable certain features/restrictions.
+
+Because they are flipped at package time before you code sign your app, the OS becomes responsible
+for ensuring those bits aren't flipped back via OS-level code signing validation
+(e.g. [Gatekeeper](https://support.apple.com/en-ca/guide/security/sec5599b66df/web) on macOS or
+[AppLocker](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview)
+on Windows).
+
+## Current fuses
 
 ### `runAsNode`
 
@@ -16,7 +29,11 @@ Fuses are the solution to this problem, at a high level they are "magic bits" in
 
 **@electron/fuses:** `FuseV1Options.RunAsNode`
 
-The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variable is respected or not.  Please note that if this fuse is disabled then `process.fork` in the main process will not function as expected as it depends on this environment variable to function. Instead, we recommend that you use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a standalone Node.js process (like a Sqlite server process or similar scenarios).
+The `runAsNode` fuse toggles whether the [`ELECTRON_RUN_AS_NODE`](../api/environment-variables.md)
+environment variable is respected or not. With this fuse disabled, [`child_process.fork`](https://nodejs.org/api/child_process.html#child_processforkmodulepath-args-options) in the main process will not function
+as expected, as it depends on this environment variable to function. Instead, we recommend that you
+use [Utility Processes](../api/utility-process.md), which work for many use cases where you need a
+standalone Node.js process (e.g. a SQLite server process).
 
 ### `cookieEncryption`
 
@@ -24,7 +41,12 @@ The runAsNode fuse toggles whether the `ELECTRON_RUN_AS_NODE` environment variab
 
 **@electron/fuses:** `FuseV1Options.EnableCookieEncryption`
 
-The cookieEncryption fuse toggles whether the cookie store on disk is encrypted using OS level cryptography keys.  By default the sqlite database that Chromium uses to store cookies stores the values in plaintext.  If you wish to ensure your apps cookies are encrypted in the same way Chrome does then you should enable this fuse.  Please note it is a one-way transition, if you enable this fuse existing unencrypted cookies will be encrypted-on-write but if you then disable the fuse again your cookie store will effectively be corrupt and useless.  Most apps can safely enable this fuse.
+The `cookieEncryption` fuse toggles whether the cookie store on disk is encrypted using OS level
+cryptography keys. By default, the SQLite database that Chromium uses to store cookies stores the
+values in plaintext. If you wish to ensure your app's cookies are encrypted in the same way Chrome
+does, then you should enable this fuse. Please note it is a one-way transition—if you enable this
+fuse, existing unencrypted cookies will be encrypted-on-write, but subsequently disabling the fuse
+later will make your cookie store corrupt and useless. Most apps can safely enable this fuse.
 
 ### `nodeOptions`
 
@@ -32,7 +54,11 @@ The cookieEncryption fuse toggles whether the cookie store on disk is encrypted
 
 **@electron/fuses:** `FuseV1Options.EnableNodeOptionsEnvironmentVariable`
 
-The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions)  and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile) environment variables are respected.  The `NODE_OPTIONS` environment variable can be used to pass all kinds of custom options to the Node.js runtime and isn't typically used by apps in production.  Most apps can safely disable this fuse.
+The `nodeOptions` fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api/cli.html#node_optionsoptions)
+and [`NODE_EXTRA_CA_CERTS`](https://github.com/nodejs/node/blob/main/doc/api/cli.md#node_extra_ca_certsfile)
+environment variables are respected. The `NODE_OPTIONS` environment variable can be used to pass all
+kinds of custom options to the Node.js runtime and isn't typically used by apps in production.
+Most apps can safely disable this fuse.
 
 ### `nodeCliInspect`
 
@@ -40,7 +66,9 @@ The nodeOptions fuse toggles whether the [`NODE_OPTIONS`](https://nodejs.org/api
 
 **@electron/fuses:** `FuseV1Options.EnableNodeCliInspectArguments`
 
-The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected or not.  When disabled it also ensures that `SIGUSR1` signal does not initialize the main process inspector.  Most apps can safely disable this fuse.
+The `nodeCliInspect` fuse toggles whether the `--inspect`, `--inspect-brk`, etc. flags are respected
+or not. When disabled, it also ensures that `SIGUSR1` signal does not initialize the main process
+inspector. Most apps can safely disable this fuse.
 
 ### `embeddedAsarIntegrityValidation`
 
@@ -48,9 +76,12 @@ The nodeCliInspect fuse toggles whether the `--inspect`, `--inspect-brk`, etc. f
 
 **@electron/fuses:** `FuseV1Options.EnableEmbeddedAsarIntegrityValidation`
 
-The embeddedAsarIntegrityValidation fuse toggles an experimental feature on macOS and Windows that validates the content of the `app.asar` file when it is loaded.  This feature is designed to have a minimal performance impact but may marginally slow down file reads from inside the `app.asar` archive.
+The `embeddedAsarIntegrityValidation` fuse toggles a feature on macOS and Windows that validates the
+content of the `app.asar` file when it is loaded. This feature is designed to have a minimal
+performance impact but may marginally slow down file reads from inside the `app.asar` archive.
+Most apps can safely enable this fuse.
 
-For more information on how to use asar integrity validation please read the [Asar Integrity](asar-integrity.md) documentation.
+For more information on how to use ASAR integrity validation, please read the [Asar Integrity](asar-integrity.md) documentation.
 
 ### `onlyLoadAppFromAsar`
 
@@ -58,7 +89,15 @@ For more information on how to use asar integrity validation please read the [As
 
 **@electron/fuses:** `FuseV1Options.OnlyLoadAppFromAsar`
 
-The onlyLoadAppFromAsar fuse changes the search system that Electron uses to locate your app code.  By default Electron will search in the following order `app.asar` -> `app` -> `default_app.asar`.  When this fuse is enabled the search order becomes a single entry `app.asar` thus ensuring that when combined with the `embeddedAsarIntegrityValidation` fuse it is impossible to load non-validated code.
+The `onlyLoadAppFromAsar` fuse changes the search system that Electron uses to locate your app code.
+By default, Electron will search for this code in the following order:
+
+1. `app.asar`
+1. `app`
+1. `default_app.asar`
+
+When this fuse is enabled, Electron will _only_ search for `app.asar`. When combined with the [`embeddedAsarIntegrityValidation`](#embeddedasarintegrityvalidation) fuse, this fuse ensures that
+it is impossible to load non-validated code.
 
 ### `loadBrowserProcessSpecificV8Snapshot`
 
@@ -66,11 +105,17 @@ The onlyLoadAppFromAsar fuse changes the search system that Electron uses to loc
 
 **@electron/fuses:** `FuseV1Options.LoadBrowserProcessSpecificV8Snapshot`
 
-The loadBrowserProcessSpecificV8Snapshot fuse changes which V8 snapshot file is used for the browser process.  By default Electron's processes will all use the same V8 snapshot file.  When this fuse is enabled the browser process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot. The other processes will use the V8 snapshot file that they normally do.
+V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of
+initialized heaps and then load them back in to avoid the cost of initializing the heap.
 
-V8 snapshots can be useful to improve app startup performance. V8 lets you take snapshots of initialized heaps and then load them back in to avoid the cost of initializing the heap.
+The `loadBrowserProcessSpecificV8Snapshot` fuse changes which V8 snapshot file is used for the browser
+process. By default, Electron's processes will all use the same V8 snapshot file. When this fuse is
+enabled, the main process uses the file called `browser_v8_context_snapshot.bin` for its V8 snapshot.
+Other processes will use the V8 snapshot file that they normally do.
 
-Using separate snapshots for renderer processes and the main process can improve security, especially to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled. See [#35170](https://github.com/electron/electron/issues/35170) for details.
+Using separate snapshots for renderer processes and the main process can improve security, especially
+to make sure that the renderer doesn't use a snapshot with `nodeIntegration` enabled.
+See [electron/electron#35170](https://github.com/electron/electron/issues/35170) for details.
 
 ### `grantFileProtocolExtraPrivileges`
 
@@ -78,19 +123,25 @@ Using separate snapshots for renderer processes and the main process can improve
 
 **@electron/fuses:** `FuseV1Options.GrantFileProtocolExtraPrivileges`
 
-The grantFileProtocolExtraPrivileges fuse changes whether pages loaded from the `file://` protocol are given privileges beyond what they would receive in a traditional web browser.  This behavior was core to Electron apps in original versions of Electron but is no longer required as apps should be [serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.  If you aren't serving pages from `file://` you should disable this fuse.
+The `grantFileProtocolExtraPrivileges` fuse changes whether pages loaded from the `file://` protocol
+are given privileges beyond what they would receive in a traditional web browser. This behavior was
+core to Electron apps in original versions of Electron, but is no longer required as apps should be
+[serving local files from custom protocols](./security.md#18-avoid-usage-of-the-file-protocol-and-prefer-usage-of-custom-protocols) now instead.
+
+If you aren't serving pages from `file://`, you should disable this fuse.
 
 The extra privileges granted to the `file://` protocol by this fuse are incompletely documented below:
 
 * `file://` protocol pages can use `fetch` to load other assets over `file://`
 * `file://` protocol pages can use service workers
-* `file://` protocol pages have universal access granted to child frames also running on `file://` protocols regardless of sandbox settings
+* `file://` protocol pages have universal access granted to child frames also running on `file://`
+  protocols regardless of sandbox settings
 
-## How do I flip the fuses?
+## How do I flip fuses?
 
 ### The easy way
 
-We've made a handy module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make flipping these fuses easy.  Check out the README of that module for more details on usage and potential error cases.
+[`@electron/fuses`](https://npmjs.com/package/@electron/fuses) is a JavaScript utility designed to make flipping these fuses easy. Check out the README of that module for more details on usage and potential error cases.
 
 ```js @ts-nocheck
 const { flipFuses, FuseVersion, FuseV1Options } = require('@electron/fuses')
@@ -106,29 +157,37 @@ flipFuses(
 )
 ```
 
-You can validate the fuses have been flipped or check the fuse status of an arbitrary Electron app using the fuses CLI.
+You can validate the fuses that have been flipped or check the fuse status of an arbitrary Electron
+app using the `@electron/fuses` CLI.
 
 ```bash
 npx @electron/fuses read --app /Applications/Foo.app
 ```
 
+>[!NOTE]
+> If you are using Electron Forge to distribute your application, you can flip fuses using
+> [`@electron-forge/plugin-fuses`](https://www.electronforge.io/config/plugins/fuses),
+> which comes pre-installed with all templates.
+
 ### The hard way
 
-#### Quick Glossary
+> [!IMPORTANT]
+> Glossary:
+>
+> * **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
+> * **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
+> * **Fuse Schema**: The format/allowed values for the fuse wire
 
-* **Fuse Wire**: A sequence of bytes in the Electron binary used to control the fuses
-* **Sentinel**: A static known sequence of bytes you can use to locate the fuse wire
-* **Fuse Schema**: The format / allowed values for the fuse wire
+Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the
+sequence of bytes that represent the state of the fuses you want.
 
-Manually flipping fuses requires editing the Electron binary and modifying the fuse wire to be the sequence of bytes that represent the state of the fuses you want.
-
-Somewhere in the Electron binary there will be a sequence of bytes that look like this:
+Somewhere in the Electron binary, there will be a sequence of bytes that look like this:
 
 ```text
 | ...binary | sentinel_bytes | fuse_version | fuse_wire_length | fuse_wire | ...binary |
 ```
 
-* `sentinel_bytes` is always this exact string `dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX`
+* `sentinel_bytes` is always this exact string: `dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX`
 * `fuse_version` is a single byte whose unsigned integer value represents the version of the fuse schema
 * `fuse_wire_length` is a single byte whose unsigned integer value represents the number of fuses in the following fuse wire
 * `fuse_wire` is a sequence of N bytes, each byte represents a single fuse and its state.
@@ -136,6 +195,6 @@ Somewhere in the Electron binary there will be a sequence of bytes that look lik
   * "1" (0x31) indicates the fuse is enabled
   * "r" (0x72) indicates the fuse has been removed and changing the byte to either 1 or 0 will have no effect.
 
-To flip a fuse you find its position in the fuse wire and change it to "0" or "1" depending on the state you'd like.
+To flip a fuse, you find its position in the fuse wire and change it to "0" or "1" depending on the state you'd like.
 
 You can view the current schema [here](https://github.com/electron/electron/blob/main/build/fuses/fuses.json5).

docs/tutorial/security.md

@@ -98,7 +98,7 @@ either `process.env` or the `window` object.
 You should at least follow these steps to improve the security of your application:
 
 1. [Only load secure content](#1-only-load-secure-content)
-2. [Disable the Node.js integration in all renderers that display remote content](#2-do-not-enable-nodejs-integration-for-remote-content)
+2. [Do not enable Node.js integration for remote content](#2-do-not-enable-nodejs-integration-for-remote-content)
 3. [Enable context isolation in all renderers](#3-enable-context-isolation)
 4. [Enable process sandboxing](#4-enable-process-sandboxing)
 5. [Use `ses.setPermissionRequestHandler()` in all sessions that load remote content](#5-handle-session-permission-requests-from-remote-content)
@@ -804,10 +804,10 @@ that your application might have the rights for.
 
 #### How?
 
-We've made a module, [`@electron/fuses`](https://npmjs.com/package/@electron/fuses), to make
+[`@electron/fuses`](https://npmjs.com/package/@electron/fuses) is a module we made to make
 flipping these fuses easy. Check out the README of that module for more details on usage and
 potential error cases, and refer to
-[How do I flip the fuses?](./fuses.md#how-do-i-flip-the-fuses) in our documentation.
+[How do I flip fuses?](./fuses.md#how-do-i-flip-fuses) in our documentation.
 
 ### 20. Do not expose Electron APIs to untrusted web content
 

patches/chromium/.patches

@@ -142,3 +142,4 @@ chore_expose_isolate_parameter_in_script_lifecycle_observers.patch
 revert_partial_remove_unused_prehandlemouseevent.patch
 allow_electron_to_depend_on_components_os_crypt_sync.patch
 disable_nsautofillheuristiccontroller_on_macos_26.patch
+inspectorpageagent_provisional_frame_speculative_fix.patch

patches/chromium/inspectorpageagent_provisional_frame_speculative_fix.patch

@@ -0,0 +1,116 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Joey Arhar <jarhar@chromium.org>
+Date: Wed, 1 Oct 2025 02:03:37 -0700
+Subject: InspectorPageAgent provisional frame speculative fix
+
+According to crash reports, addScriptToEvaluateOnNewDocument is running
+on provisional frames.
+
+Fixed: 390710982
+Change-Id: I5cecf63c9517d0b28fff40361c607b0aa54e68cf
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6216479
+Reviewed-by: Alex Rudenko <alexrudenko@chromium.org>
+Commit-Queue: Alex Rudenko <alexrudenko@chromium.org>
+Auto-Submit: Joey Arhar <jarhar@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#1523418}
+
+diff --git a/third_party/blink/renderer/core/inspector/inspector_page_agent.cc b/third_party/blink/renderer/core/inspector/inspector_page_agent.cc
+index 386df6dc728e5a1b1aac9865c1687db03f48d9ee..77bcd0f9f8155d1c9ddc167f594791abf48fcfb9 100644
+--- a/third_party/blink/renderer/core/inspector/inspector_page_agent.cc
++++ b/third_party/blink/renderer/core/inspector/inspector_page_agent.cc
+@@ -603,7 +603,11 @@ protocol::Response InspectorPageAgent::addScriptToEvaluateOnNewDocument(
+     // Runtime.enable that forces main context creation. In this case, we would
+     // not normally evaluate the script, but we should.
+     for (LocalFrame* frame : *inspected_frames_) {
+-      EvaluateScriptOnNewDocument(*frame, *identifier);
++      // Don't evaluate scripts on provisional frames:
++      // https://crbug.com/390710982
++      if (!frame->IsProvisional()) {
++        EvaluateScriptOnNewDocument(*frame, *identifier);
++      }
+     }
+   }
+ 
+diff --git a/third_party/blink/web_tests/FlagExpectations/disable-site-isolation-trials b/third_party/blink/web_tests/FlagExpectations/disable-site-isolation-trials
+index 8df5aa4252464bd4bf06d04b1b4f100453954082..a58b683bd7f2bea8b059f096b48e61d9cd9302d7 100644
+--- a/third_party/blink/web_tests/FlagExpectations/disable-site-isolation-trials
++++ b/third_party/blink/web_tests/FlagExpectations/disable-site-isolation-trials
+@@ -63,6 +63,7 @@ http/tests/inspector-protocol/target/target-filter.js [ Skip ]
+ virtual/fenced-frame-mparch/http/tests/inspector-protocol/fenced-frame/fenced-frame-in-oopif-auto-attach.js [ Skip ]
+ http/tests/inspector-protocol/target/target-info-changed-auto-attach.js [ Skip ]
+ http/tests/inspector-protocol/page/frame-detached-oopif.js [ Skip ]
++http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload.js [ Skip ]
+ 
+ # Rely on OOPIF for an iframe to be a separate devtools target
+ http/tests/inspector-protocol/timeline/auction-worklet-frame.js [ Skip ]
+diff --git a/third_party/blink/web_tests/http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload-expected.txt b/third_party/blink/web_tests/http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload-expected.txt
+new file mode 100644
+index 0000000000000000000000000000000000000000..0131df6c227e1803741e654d42b15f589275061a
+--- /dev/null
++++ b/third_party/blink/web_tests/http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload-expected.txt
+@@ -0,0 +1,28 @@
++Tests that Page.addScriptToEvaluateOnNewDocument on auto-attach with runImmediately=true.
++Regression test for crbug.com/390710982.
++console called: {
++    method : Runtime.consoleAPICalled
++    params : {
++        args : [
++            [0] : {
++                type : string
++                value : evaluated
++            }
++        ]
++        executionContextId : <number>
++        stackTrace : {
++            callFrames : [
++                [0] : {
++                    columnNumber : 8
++                    functionName :
++                    lineNumber : 0
++                    scriptId : <string>
++                    url :
++                }
++            ]
++        }
++        timestamp : <number>
++        type : log
++    }
++    sessionId : <string>
++}
+diff --git a/third_party/blink/web_tests/http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload.js b/third_party/blink/web_tests/http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload.js
+new file mode 100644
+index 0000000000000000000000000000000000000000..52ebe845c323c6d692147052f3458777dcd7f966
+--- /dev/null
++++ b/third_party/blink/web_tests/http/tests/inspector-protocol/page/addScriptToEvaluateOnNewDocument-reload.js
+@@ -0,0 +1,31 @@
++(async function(/** @type {import('test_runner').TestRunner} */ testRunner) {
++  const { session, dp } = await testRunner.startBlank(
++    `Tests that Page.addScriptToEvaluateOnNewDocument on auto-attach with runImmediately=true.
++Regression test for crbug.com/390710982.`);
++
++  await dp.Page.enable();
++  await dp.Target.enable();
++  await dp.Target.setAutoAttach({ flatten: true, autoAttach: true, waitForDebuggerOnStart: true });
++
++  dp.Target.onAttachedToTarget(async event => {
++    const dp2 = session.createChild(event.params.sessionId).protocol;
++    dp2.Page.enable();
++    dp2.Runtime.enable();
++    dp2.Runtime.onConsoleAPICalled(event => {
++      testRunner.log(event, 'console called: ');
++    });
++    dp2.Page.addScriptToEvaluateOnNewDocument({
++      source: 'console.log("evaluated")',
++      runImmediately: true,
++    });
++    await dp2.Runtime.runIfWaitingForDebugger();
++  });
++
++  const loaded = dp.Page.onceLoadEventFired();
++  await dp.Page.navigate({
++    url: testRunner.url('resources/iframe-src.html')
++  });
++  await loaded;
++
++  testRunner.completeTest();
++});

script/build-stats.mjs

@@ -0,0 +1,96 @@
+import * as fs from 'node:fs/promises';
+import { fileURLToPath } from 'node:url';
+import { parseArgs } from 'node:util';
+
+async function main () {
+  const { positionals: [filename], values: { 'upload-stats': uploadStats } } = parseArgs({
+    allowPositionals: true,
+    options: {
+      'upload-stats': {
+        type: 'boolean',
+        default: false
+      }
+    }
+  });
+
+  if (!filename) {
+    throw new Error('filename is required (should be a siso.INFO file)');
+  }
+
+  const log = await fs.readFile(filename, 'utf-8');
+
+  // We expect to find a line which looks like stats=build.Stats{..., CacheHit:39008, Local:4778, Remote:0, LocalFallback:0, ...}
+  const match = log.match(/stats=build\.Stats{(.*)}/);
+
+  if (!match) {
+    throw new Error('could not find stats=build.Stats in log');
+  }
+
+  const stats = Object.fromEntries(match[1].split(',').map(part => {
+    const [key, value] = part.trim().split(':');
+    return [key, parseInt(value)];
+  }));
+  const hitRate = stats.CacheHit / (stats.Remote + stats.CacheHit + stats.LocalFallback);
+
+  console.log(`Effective cache hit rate: ${(hitRate * 100).toFixed(2)}%`);
+
+  if (uploadStats) {
+    if (!process.env.DD_API_KEY) {
+      throw new Error('DD_API_KEY is not set');
+    }
+
+    const timestamp = Math.round(new Date().getTime() / 1000);
+
+    const tags = [];
+
+    if (process.env.TARGET_ARCH) tags.push(`target-arch:${process.env.TARGET_ARCH}`);
+    if (process.env.TARGET_PLATFORM) tags.push(`target-platform:${process.env.TARGET_PLATFORM}`);
+    if (process.env.GITHUB_HEAD_REF) {
+      // Will be set in pull requests
+      tags.push(`branch:${process.env.GITHUB_HEAD_REF}`);
+    } else if (process.env.GITHUB_REF_NAME) {
+      // Will be set for release branches
+      tags.push(`branch:${process.env.GITHUB_REF_NAME}`);
+    }
+
+    const series = [
+      {
+        metric: 'electron.build.effective-cache-hit-rate',
+        points: [{ timestamp, value: (hitRate * 100).toFixed(2) }],
+        type: 3, // GAUGE
+        unit: 'percent',
+        tags
+      }
+    ];
+
+    // Add all raw stats as individual metrics
+    for (const [key, value] of Object.entries(stats)) {
+      series.push({
+        metric: `electron.build.stats.${key.toLowerCase()}`,
+        points: [{ timestamp, value }],
+        type: 1, // COUNT
+        tags
+      });
+    }
+
+    await fetch('https://api.datadoghq.com/api/v2/series', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'DD-API-KEY': process.env.DD_API_KEY
+      },
+      body: JSON.stringify({ series })
+    });
+  }
+}
+
+if ((await fs.realpath(process.argv[1])) === fileURLToPath(import.meta.url)) {
+  main()
+    .then(() => {
+      process.exit(0);
+    })
+    .catch((err) => {
+      console.error(`ERROR: ${err.message}`);
+      process.exit(1);
+    });
+}

shell/browser/native_window_views.cc

@@ -267,7 +267,7 @@ NativeWindowViews::NativeWindowViews(const gin_helper::Dictionary& options,
   params.remove_standard_frame = !has_frame() || has_client_frame();
 
   // If a client frame, we need to draw our own shadows.
-  if (IsTranslucent() || has_client_frame())
+  if (transparent() || has_client_frame())
     params.opacity = InitParams::WindowOpacity::kTranslucent;
 
   // The given window is most likely not rectangular since it is translucent and
@@ -301,7 +301,7 @@ NativeWindowViews::NativeWindowViews(const gin_helper::Dictionary& options,
 
   widget()->Init(std::move(params));
   widget()->SetNativeWindowProperty(kNativeWindowKey.c_str(), this);
-  SetCanResize(resizable_);
+  widget()->OnSizeConstraintsChanged();
 
   const bool fullscreen = options.ValueOrDefault(options::kFullscreen, false);
 
@@ -355,11 +355,11 @@ NativeWindowViews::NativeWindowViews(const gin_helper::Dictionary& options,
     // frameless.
 
     DWORD frame_style = WS_CAPTION | WS_OVERLAPPED;
-    if (resizable_)
+    if (CanResize())
       frame_style |= WS_THICKFRAME;
     if (minimizable_)
       frame_style |= WS_MINIMIZEBOX;
-    if (maximizable_)
+    if (maximizable_ && CanResize())
       frame_style |= WS_MAXIMIZEBOX;
 
     // We should not show a frame for transparent window.
@@ -867,7 +867,7 @@ void NativeWindowViews::SetBounds(const gfx::Rect& bounds, bool animate) {
 #if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
   // On Linux and Windows the minimum and maximum size should be updated with
   // window size when window is not resizable.
-  if (!resizable_) {
+  if (!CanResize()) {
     SetMaximumSize(bounds.size());
     SetMinimumSize(bounds.size());
   }
@@ -948,26 +948,21 @@ extensions::SizeConstraints NativeWindowViews::GetContentSizeConstraints()
 
 void NativeWindowViews::SetResizable(bool resizable) {
   if (resizable != resizable_) {
+    resizable_ = resizable;
     // On Linux there is no "resizable" property of a window, we have to set
     // both the minimum and maximum size to the window size to achieve it.
     if (resizable) {
       SetContentSizeConstraints(old_size_constraints_);
-      SetMaximizable(maximizable_);
     } else {
       old_size_constraints_ = GetContentSizeConstraints();
-      resizable_ = false;
       gfx::Size content_size = GetContentSize();
       SetContentSizeConstraints(
           extensions::SizeConstraints(content_size, content_size));
     }
-  }
-
-  resizable_ = resizable;
-  SetCanResize(resizable_);
-
 #if BUILDFLAG(IS_WIN)
-  UpdateThickFrame();
+    UpdateThickFrame();
 #endif
+  }
 }
 
 bool NativeWindowViews::MoveAbove(const std::string& sourceId) {
@@ -1012,12 +1007,20 @@ void NativeWindowViews::MoveTop() {
 #endif
 }
 
+bool NativeWindowViews::CanResize() const {
+#if BUILDFLAG(IS_WIN)
+  return resizable_ && thick_frame_;
+#else
+  return resizable_;
+#endif
+}
+
 bool NativeWindowViews::IsResizable() const {
 #if BUILDFLAG(IS_WIN)
   if (has_frame())
     return ::GetWindowLong(GetAcceleratedWidget(), GWL_STYLE) & WS_THICKFRAME;
 #endif
-  return resizable_;
+  return CanResize();
 }
 
 void NativeWindowViews::SetAspectRatio(double aspect_ratio,
@@ -1818,7 +1821,7 @@ views::View* NativeWindowViews::GetInitiallyFocusedView() {
 }
 
 bool NativeWindowViews::CanMaximize() const {
-  return resizable_ && maximizable_;
+  return CanResize() && maximizable_;
 }
 
 bool NativeWindowViews::CanMinimize() const {

shell/browser/native_window_views.h

@@ -89,6 +89,7 @@ class NativeWindowViews : public NativeWindow,
   bool IsResizable() const override;
   void SetAspectRatio(double aspect_ratio,
                       const gfx::Size& extra_size) override;
+  bool CanResize() const override;
   void SetMovable(bool movable) override;
   bool IsMovable() const override;
   void SetMinimizable(bool minimizable) override;

shell/browser/net/proxying_websocket.cc

@@ -401,7 +401,7 @@ void ProxyingWebSocket::OnHeadersReceivedCompleteForAuth(
 
   auto continuation = base::BindRepeating(
       &ProxyingWebSocket::OnAuthRequiredComplete, weak_factory_.GetWeakPtr());
-  auto auth_rv = AuthRequiredResponse::kIoPending;
+  auto auth_rv = AuthRequiredResponse::kCancelAuth;
   PauseIncomingMethodCallProcessing();
 
   OnAuthRequiredComplete(auth_rv);

shell/browser/ui/message_box_win.cc

@@ -163,8 +163,19 @@ DialogResult ShowTaskDialogWstr(gfx::AcceleratedWidget parent,
     config.dwFlags |= TDF_POSITION_RELATIVE_TO_WINDOW;
   }
 
-  if (default_id > 0)
-    config.nDefaultButton = kIDStart + default_id;
+  if (default_id >= 0 &&
+      base::checked_cast<size_t>(default_id) < buttons.size()) {
+    if (!no_link) {
+      auto common = GetCommonID(buttons[default_id]);
+      if (common.button != -1) {
+        config.nDefaultButton = common.id;
+      } else {
+        config.nDefaultButton = kIDStart + default_id;
+      }
+    } else {
+      config.nDefaultButton = kIDStart + default_id;
+    }
+  }
 
   // TaskDialogIndirect doesn't allow empty name, if we set empty title it
   // will show "electron.exe" in title.

shell/common/platform_util_mac.mm

@@ -148,6 +148,12 @@ void OpenExternal(const GURL& url,
     return;
   }
 
+  // Check this to prevent system dialog from popping up on macOS Tahoe.
+  if (![[NSWorkspace sharedWorkspace] URLForApplicationToOpenURL:ns_url]) {
+    std::move(callback).Run("No application found to open URL");
+    return;
+  }
+
   NSWorkspaceOpenConfiguration* configuration =
       [NSWorkspaceOpenConfiguration configuration];
   configuration.activates = options.activate;

spec/api-browser-window-spec.ts

@@ -5455,7 +5455,7 @@ describe('BrowserWindow module', () => {
           thickFrame: true,
           transparent: true
         });
-        expect(w.isResizable()).to.be.true('resizable');
+        expect(w.isResizable()).to.be.false('resizable');
         w.maximize();
         expect(w.isMaximized()).to.be.true('maximized');
         const bounds = w.getBounds();

spec/api-shell-spec.ts

@@ -82,6 +82,11 @@ describe('shell module', () => {
       ]);
     });
 
+    ifit(process.platform === 'darwin')('throws when there is no application registered to open the URL', async () => {
+      const url = `unknownscheme-${Date.now()}://test`;
+      await expect(shell.openExternal(url)).to.eventually.be.rejectedWith(/No application found to open URL/);
+    });
+
     it('opens an external link in the renderer', async () => {
       const { url, requestReceived } = await urlOpened();
       const w = new BrowserWindow({ show: false, webPreferences: { sandbox: false, contextIsolation: false, nodeIntegration: true } });