electron

mirror of https://github.com/electron/electron.git synced 2026-04-10 03:01:51 -04:00

Go to file

trop[bot] 842290c50f fix: use requesting frame origin in permission helper and device choosers (#50147 )

* fix: use requesting frame origin instead of top-level URL for permissions

`WebContentsPermissionHelper::RequestPermission` passes
`web_contents_->GetLastCommittedURL()` as the origin to the permission
manager instead of the actual requesting frame's origin. This enables
origin confusion when granting permissions to embedded third-party iframes,
since app permission handlers see the top-level origin instead of the
iframe's. The same pattern exists in the HID, USB, and Serial device
choosers, where grants are keyed to the primary main frame's origin rather
than the requesting frame's.

Fix this by using `requesting_frame->GetLastCommittedOrigin()` in all
affected code paths, renaming `details.requestingUrl` to
`details.requestingOrigin`, and populating it with the serialized
origin only.

Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

* chore: keep requestingUrl name in permission handler details

The previous commit changed the details.requestingUrl field to
details.requestingOrigin in permission request/check handlers. That
field was already populated from the requesting frame's RFH, so the
rename was unnecessary and would break apps that read the existing
property. Revert to requestingUrl to preserve the existing API shape.

The functional changes to use the requesting frame in
WebContentsPermissionHelper and the HID/USB/Serial choosers remain.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Samuel Attard <sattard@anthropic.com>

2026-03-09 22:16:08 -07:00

.devcontainer

build: roll build-image to a82b87d (#49450 )

2026-01-19 19:01:42 +01:00

.github

build: fix code-signing for MacOS x64 tests (#50071 )

2026-03-05 11:14:06 -05:00

.husky

build(deps-dev): bump husky and lint-staged (#47291 )

2025-06-05 20:23:55 +02:00

.yarn/releases

build: upgrade yarn to 4.12.0 (#49179 )

2025-12-10 19:20:43 -08:00

build

ci: fix publish for macOS < 26.0 (#48577 )

2025-10-17 12:57:27 -04:00

buildflags

build: add flag for setting vendor version (#41247 )

2024-02-06 14:23:17 -08:00

chromium_src

chore: bump chromium to 141.0.7390.7 (39-x-y) (#48276 )

2025-09-08 17:08:42 -04:00

default_app

build: drop eslint-plugin-unicorn (#47676 )

2025-07-08 15:20:56 +02:00

docs

fix: screen.getCursorScreenPoint() crash on Wayland (#50106 )

2026-03-08 19:20:30 +01:00

lib

fix: strictly validate sender for internal IPC reply channels (#50118 ) (#50161 )

2026-03-09 17:15:01 -05:00

npm

fix: logical bug in install.js env var handling (#48673 )

2025-10-27 13:35:56 +01:00

patches

chore: cherry-pick a08731cf6d70 from angle (#50171 )

2026-03-09 19:26:52 -05:00

script

build: fix code-signing for MacOS x64 tests (#50071 )

2026-03-05 11:14:06 -05:00

shell

fix: use requesting frame origin in permission helper and device choosers (#50147 )

2026-03-09 22:16:08 -07:00

spec

revert: updated Alt detection to explicitly exclude AltGraph/AltGr (#50109 )

2026-03-09 11:32:20 -04:00

typings

build: drop @types/webpack-env in favor of webpack/module types (#47798 )

2025-08-08 18:09:23 -07:00

.autofix.markdownlint-cli2.jsonc

chore: use markdownlint-cli2 directly for linting Markdown (#42192 )

2024-05-15 14:44:46 -04:00

.clang-format

Add clang-format config file.

2016-10-04 22:42:49 +02:00

.clang-tidy

chore: fix clang-tidy warnings (#38079 )

2023-04-26 10:09:54 -04:00

.dockerignore

build: remove unused install-build-deps (#26891 )

2020-12-09 09:26:21 -08:00

.env.example

chore: remove remaining references to AppVeyor (#45339 )

2025-02-07 12:57:36 +01:00

.eslintrc.json

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

.git-blame-ignore-revs

chore: add ignore revs file for GH blame UI (#33171 )

2022-03-07 18:40:28 -08:00

.gitattributes

build: use github actions for windows (#44136 )

2024-12-12 11:51:24 -05:00

.gitignore

build: update to yarn v4 (#48994 )

2025-11-19 17:32:30 -05:00

.lint-roller.json

chore: update @electron/lint-roller to 2.1.0 (#42078 )

2024-05-10 11:00:15 +02:00

.markdownlint-cli2.jsonc

docs: add Menu module tutorials (#47268 )

2025-07-15 15:09:32 -07:00

.nvmrc

build: bump version in .nvmrc to 22 (#48491 )

2025-10-08 17:02:34 -04:00

.remarkrc

add remark lint to ensure fenced codeblocks are formatted properly.

2017-11-20 14:05:47 +08:00

.yarnrc.yml

build: upgrade yarn to 4.12.0 (#49179 )

2025-12-10 19:20:43 -08:00

BUILD.gn

refactor: use ComPtr pattern for MSIX to avoid exception handling (#49688 )

2026-02-05 14:37:04 -08:00

CODE_OF_CONDUCT.md

docs: ensure all links are on a single line (#42235 )

2024-05-28 11:15:18 -07:00

CONTRIBUTING.md

docs: added missing period for consistency and readability (#45333 )

2025-02-13 10:55:43 +01:00

DEPS

chore: bump node to v22.22.0 (39-x-y) (#49389 )

2026-01-22 09:53:44 -05:00

filenames.auto.gni

feat: msix auto-updater (#49585 )

2026-02-02 09:33:46 +01:00

filenames.gni

fix: use proper quoting for exe paths and args on Windows (#50074 )

2026-03-04 13:37:46 -06:00

filenames.hunspell.gni

chore: bump chromium to 102.0.4961.0 (main) (#33091 )

2022-03-24 21:39:03 -04:00

filenames.libcxx.gni

chore: bump chromium to 142.0.7444.23 (39-x-y) (#48307 )

2025-10-14 11:25:30 -04:00

filenames.libcxxabi.gni

chore: bump chromium to 117.0.5938.0 (main) (#39375 )

2023-08-15 10:49:41 -05:00

LICENSE

chore: update copyright headers (#27697 )

2021-02-12 15:22:41 -08:00

package.json

build: generate artifact attestions for released assets (#49769 )

2026-02-12 10:51:35 -05:00

README.md

docs: update macOS version support in README (#48870 )

2025-11-10 09:52:05 -05:00

SECURITY.md

docs: update SECURITY.md with new GHSA reporting feature (#36367 )

2022-11-15 20:02:01 -08:00

tsconfig.default_app.json

feat: I guess it's esm (#37535 )

2023-08-30 17:38:07 -07:00

tsconfig.electron.json

chore: fix ts config to not complain about extraneous files (#16790 )

2019-02-06 15:46:10 -08:00

tsconfig.json

build: drop @types/webpack-env in favor of webpack/module types (#47798 )

2025-08-08 18:09:23 -07:00

tsconfig.script.json

build: auto-push patch file changes (#26235 )

2020-10-29 14:21:23 -04:00

tsconfig.spec.json

test: drop now-empty remote runner (#35343 )

2022-08-16 15:23:13 -04:00

yarn.lock

build: generate artifact attestions for released assets (#49769 )

2026-02-12 10:51:35 -05:00

README.md

📝 Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.

Follow @electronjs on Twitter for important announcements.

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.

Installation

To install prebuilt Electron binaries, use npm. The preferred method is to install Electron as a development dependency in your app:

npm install electron --save-dev

For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.

Platform support

Each Electron release provides binaries for macOS, Windows, and Linux.

macOS (Monterey and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
Windows (Windows 10 and up): Electron provides ia32 (x86), x64 (amd64), and arm64 binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.
Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
- Ubuntu 18.04 and newer
- Fedora 32 and newer
- Debian 10 and newer

Electron Fiddle

Use Electron Fiddle to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and to try out different versions of Electron. It's designed to make the start of your journey with Electron easier.

Resources for learning Electron

electronjs.org/docs - All of Electron's documentation
electron/fiddle - A tool to build, run, and package small Electron experiments
electronjs.org/community#boilerplates - Sample starter apps created by the community

Programmatic usage

Most people use Electron from the command line, but if you require electron inside your Node app (not your Electron app) it will return the file path to the binary. Use this to spawn Electron from Node scripts:

const electron = require('electron')
const proc = require('node:child_process')

// will print something similar to /Users/maf/.../Electron
console.log(electron)

// spawn Electron
const child = proc.spawn(electron)

Mirrors

China

See the Advanced Installation Instructions to learn how to use a custom mirror.

Documentation translations

We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.

Contributing

If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.

Community

Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.

License

MIT

When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.

Languages

C++ 55.9%

TypeScript 33.4%

Objective-C++ 5.5%

JavaScript 2.4%

Python 1.7%

Other 1%