I have 2FA (FIDO/Yubikey) set up for GitHub, and the session login was redirecting to my browser. Looking at the redirect path, it appears that github.com/session is involved, so adding that to internal login details.
With this patched, I'm able to log in to https://octobox.io/ in nativefier.
As discussed in #283 this PR will allow injected JS to do SOME interaction with the Electron session.
There is a full explanation of what this feature can, and cannot do, with examples in the api.md documentation.
This will provide a path for resolving many of our issues where users may "self-service" the solution by injecting JS that performs the task needed to meet their objectives.
Co-authored-by: Ronan Jouchet <ronan@jouchet.fr>
See discussion at https://github.com/nativefier/nativefier/pull/1124#issuecomment-794751514 :
> @TheCleric I was about to merge this, then reconsidered one little thing (yes I wrote "little", I'm not reconsidering this whole thing 😅).
>
> I'm re-considering having the extra flag. I'm not so sure this will harm a lot of use cases. I'd like to 1. merge this PR, 2. immediately follow up with a small commit removing the flag & adjusting api.md, 3. release with the change well-documented / asking for feedback if this is problematic to anyone. (I'm not asking you any extra work, and like leaving an in-tree commit trace of considering the flag). If people complain with a valid reason, we'll restore the flag with a quick revert, else we're happy with one less flag and a reasonably-handled breaking change.
>
> Thoughts / objections?
Answered by:
> That seems reasonable to me.
>
> [discussion on an extra structured way to pass flags]
In 6b266b7815, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
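A host comparison of the kind discussed above, written as an added example (not Nativefier's code; `hostOf`, `isSameOrSubdomain`, `naiveLinkIsInternal` and `linkIsInternal` are hypothetical names). It treats a parent or child host as internal without a TLD/SLD list, and shows why the suffix test has to respect label boundaries:

```javascript
// Added illustration, not Nativefier's implementation. All helper names
// below are hypothetical.

// Parse with the WHATWG URL class: it lowercases the hostname and keeps
// userinfo ("user@") out of it. Unparsable input yields an empty host.
function hostOf(rawUrl) {
  try {
    return new URL(rawUrl).hostname.replace(/\.$/, ''); // drop trailing root dot
  } catch {
    return '';
  }
}

// Weak variant: a plain string suffix test ignores label boundaries,
// so "notevernote.com" is accepted as part of "evernote.com".
function naiveLinkIsInternal(appUrl, linkUrl) {
  const app = hostOf(appUrl);
  const link = hostOf(linkUrl);
  return app !== '' && link !== '' && (link.endsWith(app) || app.endsWith(link));
}

// True when `host` equals `base` or sits below it on a whole-label boundary.
function isSameOrSubdomain(host, base) {
  return host === base || host.endsWith('.' + base);
}

// Corrected variant: internal if one host is the other or a subdomain of it.
// URLs without a host (about:blank, garbage) are not decided here.
function linkIsInternal(appUrl, linkUrl) {
  const app = hostOf(appUrl);
  const link = hostOf(linkUrl);
  if (app === '' || link === '') return false;
  return isSameOrSubdomain(link, app) || isSameOrSubdomain(app, link);
}

// Constructed sample inputs: [app URL, link URL].
const SAMPLES = [
  ['https://evernote.com', 'https://www.evernote.com/Login.action'],
  ['https://app.asana.com', 'https://asana.com/'],
  ['https://evernote.com', 'https://notevernote.com/'],
  ['https://evernote.com', 'https://evernote.com.evil.example/'],
  ['https://evernote.com', 'https://evernote.com@evil.example/'],
];

// Returns one row per sample: [link, naive verdict, corrected verdict].
function classifySamples() {
  return SAMPLES.map(([app, link]) => [
    link,
    naiveLinkIsInternal(app, link),
    linkIsInternal(app, link),
  ]);
}

console.table(classifySamples());
```

Without a public suffix list, this check still treats a shared registrable suffix as a parent: an app hosted at a subdomain of a multi-tenant hosting domain would consider that hosting domain itself internal.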
This one may be problematic, as it used to do TLD stuff:
https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
So, the new WHATWG-URL-based implementation will consider
`asana.com` to be "external" to `app.asana.com`, contrarily to before.
Given the nature of Nativefier, I think it's actually what to expect,
that in this case you're "out of the app", and in e.g. asana's landing page,
which you'd expect to see in your browser.
Let's see if users disagree with that.
Thinking about it again, the user-friendlier `a.x` syntax has one disadvantage
over `^a.b.c`: it doesn't force deps upgrades when they upgrade Nativefier.
`a.x` is fine on initial install, but a user with an insecure dep
(e.g. axios 0.19.0) will _not_ get fixed axios 0.21.1 on upgrading Nativefier.
-> Come back to `a.x` everywhere.
Still not introducing package locks, they're too confusing to new devs.
See https://github.com/nativefier/nativefier/pull/1099#issuecomment-761250232
1. Fix (broken since 2016): Notifications broken by lambda constructor
2. Fix: `--processEnvs` broken by additional processEnvs object, the result was:
`processEnvs: {processEnvs: {...}}` which caused the conversion of the inner object into string `[object Object]`, no nesting allowed there probably. Compatibility introduced.
3. Fix: package.json missing `prepare` (or even prepublish), which breaks using as git dependency.
As documented in https://github.com/jiahaog/nativefier/issues/923#issuecomment-599300317 ,
- #923 is caused by installing placeholder app deps at nativefier
  *install* time, with yarn (8.0.2) or npm (8.0.3). This is new in
  Nativefier 8.x, for the motivations behind it, see
  https://github.com/jiahaog/nativefier/pull/898#issuecomment-583865045
- During testing, I did test global installs, but never to a
  system / non-user-writable path (my `$npm_config_prefix` is set to
  `"$HOME/.node_modules"`)
- But without such a config and when installing globally to a
  non-user-writable/system path with `sudo npm i -g nativefier`,
  - Installation of nativefier core works...
  - ... but then `postinstall` tries to do its job of installing
    app deps, and fails in various OS-dependent ways, but all about
    access rights.

    I suspect that, although main nativefier install runs as `su` with
    access rights to system paths, `postinstall` scripts are run *out*
    of `su`.

    That would make sense for security reasons: out of hook scripts,
    npm knows exactly what will be touched in your filesystem: it's the
    static contents of the published tarball; a postinstall script with
    sudo rights could do nasty dynamic stuff. So, although I don't see
    any mention of that in
    [npm-scripts docs / hooks](https://docs.npmjs.com/misc/scripts#hook-scripts)
    and I haven't dug npm/cli's code, I can understand it.

So, reverting back to `webpack`ing the placeholder app, as done pre-8.0.
## Breaking changes
- Require **Node >= 8.10.0 and npm 5.6.0**
- Move to **Electron 8.1.1**.
- That's it. Lots of care went into breaking CLI & programmatic behavior
as little as possible. **Please report regressions**.
- Known issue: build may fail behind a proxy. Get in touch if you use one:
https://github.com/jiahaog/nativefier/issues/907#issuecomment-596144768
## Changes summary
Nativefier didn't get much love recently, to the point that it's
becoming hard to run on recent Node, due to old dependencies.
Also, some past practices now seem weird, as better expressible
by modern JS/TS, discouraging contributions including mine.
Addressing this, and one thing leading to another, came a
bigger-than-expected revamp, aiming at making Nativefier more
**lean, stable, future-proof, user-friendly and dev-friendly**,
while **not changing the CLI/programmatic interfaces**. Highlights:
- **Require Node>=8**, as imposed by many of our dependencies. Node 8
is twice LTS, and easily available even in conservative Linux distros.
No reason not to demand it.
- **Default to Electron 8**.
- **Bump** all dependencies to latest version, including electron-packager.
- **Move to TS**. TS is great. As of today, I see no reason not to use it,
and fight interface bugs at runtime rather than at compile time.
With that, get rid of everything Babel/Webpack.
- **Move away from Gulp**. Gulp's selling point is perf via streaming,
but for small builds like Nativefier, npm tasks are plenty good
and less dependency bloat. Gulp was the driver for this PR: broken
on Node 12, and I didn't feel like just upgrading and keeping it.
- Add tons of **verbose logs** everywhere it makes sense, to have a
fine & clear trace of the program flow. This will be helpful to
debug user-reported issues, and already helped me fix a few bugs.
- With better simple logging, get rid of the quirky and buggy
progress bar based on package `progress`. Nice logging (minimal
by default, the verbose logging mentioned above is only used
when passing `--verbose`) is better and one less dependency.
- **Dump `async` package**, a relic from old callback-hell early Node.
Also dump a few other micro-packages unnecessary now.
- A first pass of code **cleanup** thanks to modern JS/TS features:
fixes, simplifications, jsdoc type annotations to types, etc.
- **Remove GitHub integrations Hound & CodeClimate**, which are more
exotic than good'ol'linters, and whose signal-to-noise ratio is too low.
- Quality: **Add tests** and add **Windows + macOS CI builds**.
Also, add a **manual test script**, helping to quickly verify the
hard-to-programmatically-test stuff before releases, and limit regressions.
- **Fix a very small number of existing bugs**. The goal of this PR was
  *not* to fix bugs, but to get Nativefier in better shape to do so.
  Bugfixes will come later. Still, these got addressed:
  - Add common `Alt`+`Left`/`Right` for previous/next navigation.
  - Improve #379: fix zoom with `Ctrl` + numpad `+`/`-`
  - Fix pinch-to-zoom (see https://github.com/jiahaog/nativefier/issues/379#issuecomment-598612128 )
The API `tray.setHighlightMode(mode)` has been removed in electron v7.0
without replacement.
This causes the display of an error dialog every time an app is
shown/hidden if the parameter `--tray` is used when nativefying. This is
completely independent from the website you are nativefying and it
happens with all the versions of electron after 6.x.
Source: https://www.electronjs.org/docs/api/breaking-changes#tray
**Resolves #855**
**Example result upon Terminal launch:**
`WARNING: Ignored nativefier.json rewrital (Error: EACCES: permission denied, open '/usr/lib/jupyter-remote-client/resources/app/nativefier.json')`
**Behaviour:**
+ Instead of crashing, the application properly opens and is always maximized.
+ When permissions are R/W, the application is maximized on first launch and the closing states are remembered by the OS throughout launches.
nodeIntegration is required if eg. Javascript code makes use of the
`require` expression to import classes into the current scope. login.js
uses an electron import - without it, the callback mechanism does not
work, and thus the whole login functionality.
Electron seems to have changed the default value for a window's `nodeIntegration` to `false` since version 5 (see https://stackoverflow.com/questions/55093700/electron-5-0-0-uncaught-referenceerror-require-is-not-defined)
Without the integration, the login component's functionality is broken, though. This PR enables the nodeIntegration feature for the login window and makes it properly propagate the given credentials.
Tested with Electron 6.0.0 on Linux.
* As explained in: https://github.com/electron/electron/issues/8862#issuecomment-294303518
an issue with .quit() exists with a "Cannot find module '../screen'" issue,
while using the .exit() alternative avoids the issue
* Validated on Windows with the same logic as #744 where the issue recently appeared
On Linux if you try to change the keyboard layout with Alt + Shift,
the menu will pop up. Shortcuts are needed because Electron opens
the first menu on pressing `Alt` if no hotkey is assigned.
[Similar issue in RocketChat](https://github.com/RocketChat/Rocket.Chat.Electron/issues/50)
- Add a new `clearCache` option and `--clear-cache` parameter
to trigger session cleanups upon window launch and close
- Covers the feature request from issue #316
- Use case example: Forcing authentication / login between sessions without limiting cache size
[Squirrel](https://github.com/Squirrel/Squirrel.Windows) is *"an installation and update
framework for Windows desktop apps "*.
This PR adds `electron-squirrel-startup`, allowing to package nativefier applications
into squirrel-based setup installers. Squirrel requires this entrypoint to perform
desktop and startup menu creations, without showing the UI on setup launches.
- References: https://github.com/mongodb-js/electron-squirrel-startup
- Resolves `electron-winstaller` and `electron-installer-windows` support of desktop / startup menu shortcuts for nativefier packaged applications.
- The `electron-squirrel-startup` entrypoint has no effect on both Linux and Darwin, only on Windows
- Supporting it directly inside `nativefier` avoids having to "hack" around the existing `main.js`
and including dependencies from `electron-squirrel-startup` in an intermediate package
to be included in a third layer for the final installer executable
- The following script based on both `nativefier` and `electron-winstaller` templates
represents a portable proof of concept for this merge request :
```js
var nativefier = require('nativefier').default;
var electronInstaller = require('electron-winstaller');

// Options passed to nativefier to build the packaged application
var options = {
  name: 'Web WhatsApp',
  targetUrl: 'http://web.whatsapp.com',
  platform: 'windows',
  arch: 'x64',
  version: '0.36.4',
  out: '.',
  overwrite: false,
  asar: false,
  counter: false,
  bounce: false,
  width: 1280,
  height: 800,
  showMenuBar: false,
  fastQuit: false,
  userAgent: 'Mozilla ...',
  ignoreCertificate: false,
  ignoreGpuBlacklist: false,
  enableEs3Apis: false,
  insecure: false,
  honest: false,
  zoom: 1.0,
  singleInstance: false,
  fileDownloadOptions: {
    saveAs: true
  },
  processEnvs: {
    GOOGLE_API_KEY: '<your-google-api-key>'
  }
};

// Build the app, then wrap the output directory in a Squirrel installer
nativefier(options, function(error, appPath) {
  if (error) {
    console.error(error);
    return;
  }
  console.log('App has been nativefied to', appPath);
  // Declared locally instead of leaking an implicit global
  var resultPromise = electronInstaller.createWindowsInstaller({
    appDirectory: 'Web WhatsApp-win32-x64',
    outputDirectory: './',
    authors: 'Web WhatsApp',
    exe: 'Web WhatsApp.exe'
  });
  resultPromise.then(() => console.log('It worked!'), e => console.log(`No dice: ${e.message}`));
});
```
* Fix for CSS Injection not working (#703)
Issue:
When using `onHeadersReceived`, the code was passing `null` for the filters.
This appears to trigger behaviour that matches _no_ urls at all.
This results in it never being called to inject the CSS.
Fix:
Pass an empty array instead. Now it's called for all URLs.
Tests pass & linting is clean
* Fix JavaScript injection (#731)
Issue:
It appears that on low-end devices (Core m3 MacBook), the attachment to
`DOMContentLoaded` happens _after_ the event has been raised, so does
not have a chance to inject the script.
Fix:
Move the attachment to the top of the file -- before the imports. This
triggers a bunch of linting errors, so also added disablement in place.
Additional:
Clarified when the injected JS gets loaded, and what it can assume about
the DOM.
This adds a new flag, allowing the user to define global shortcuts that trigger input events within the main window.
That way, I could easily wrap SoundCloud and Deezer to create a native app which reacts on my keyboard media buttons.
When the `getCurrentUrl` function was refactored to make use of the `withFocusedWindow` function in ac99c6424d, it stopped returning a value and broke the "Copy Current URL" feature (#633).
This change restores the original behavior of the getCurrentURL function and makes the "Copy Current URL" feature functional again.
When using an app such as Gmail, the unread count is included in the title, and the --counter feature displays that number on the dock icon. However, when the number is larger than 999, it includes commas in the number (e.g. "1,000"), and the number is no longer displayed on the dock icon, because the regular expression used to detect the counter value does not permit punctuation. This change modifies the regular expression used to match the counter value to permit "." and ",".
* Fix sites that use about:blank redirect technique
When you open some links with Google Calendar, instead of opening the link directly, the site opens a new window with the location 'about:blank' and then sets the new window's document content to include a refresh directive to open the actual link. This change causes the 'about:blank' links to be handled internally so that the technique can actually work.
* Hide 'about:blank' windows while they perform the redirect
After a new window is created for an 'about:blank' link, the redirect occurs, which causes another window to be opened. This change causes the 'about:blank' to be created hidden, and then closed entirely once the redirect finishes.
* Add tests for `linkIsInternal`
* Refactor onNewWindow to make it testable
The tab feature introduced by #579 included a change that checks the `disposition` parameter and conditionally creates tabs, and that check was placed prior to the check to see if the URL is internal. This change moves the `linkIsInternal()` check earlier so that external links are always opened externally, regardless of disposition.
As part of #591, all window creation was routed through a createNewWindow function. That change introduced the regression reported in #616 in which popup windows could not communicate with their parent windows. This change reverts that behavior for windows opened via JavaScript (that aren't being opened as tabs and aren't being opened in external browsers), thereby fixing the reported regression.
By changing incorrect window `guest` property to `newGuest`. See
https://github.com/electron/electron/blob/master/docs/api/web-contents.md#event-new-window
> Calling `event.preventDefault()` will prevent Electron from
> automatically creating a new BrowserWindow. If you call
> `event.preventDefault()` and manually create a new BrowserWindow
> then you must set `event.newGuest` to reference the new BrowserWindow
> instance, failing to do so may result in unexpected behavior.
Electron supports using native tabs on macOS (API added in Electron 1.8.1). This change adds a context menu item on platforms that support it (macOS for now) to open links in new tabs, and also adds support for {command,middle}-clicking links to open them in a new tab.
Maintainer (@ronjouch) note: this feature is macOS-only. Windows/Linux patches welcome 🙂.
The electron-context-menu package uses the context-menu event emitted by WebContents (API added in Electron 1.0.2) to add a general context menu supporting generic actions (e.g. cut/copy/paste) that can be customized. This change replaces the existing context menu, which relies on adding an event listener in preload.js, with one built using the new package.
* Update deps except eslint
* Update eslint and lint:fix (WIP, needs manual fixing for remaining 44 problems)
* Manually fix remaining eslint errors
* Document deprecation of `version-string` as of electron-packager 9.0.0
* Upgrade to Electron 1.7.9 (chrome-58, node-7.9.0, v8-5.8)
* npm: Disable generation of package-lock.json and gitignore it
--Trying this, package-lock is a pain in PRs. May not be a good idea
(obviously we lose deps pinning), will revert if necessary.--
* npm tasks: add dev-up-win for Windows developers,
and e2e for end-to-end tests. Update docs.
* Move normalizeUrl test to a jest unit test, makes no sense to be in the mocha e2e tests
* Switch from babel-preset-es2015 to babel-preset-env,
with target.node=4.0. Seem like it's today's most convenient
way to support the latest ES and let babel transpile to what
makes sense for our currently minimal node version
* When zooming in/out, start from the options zoom, not 1 (don't jump)
* Add 'Zoom Reset' feature bound to Ctrl+0, with indicative label for non-100% zoom value
Test case: open nativefier on
```html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Test</title>
</head>
<body>
<a href="https://google.com/">Google</a>
<br>
<a href="https://google.com/"><span>Google, in span</span></a>
</body>
</html>
```
* **Expected**: both links open in default browser
* **Actual under nativefier 7.0.1**: Nothing happens when clicking the second link in which the `<a>` contains a `<span>`