open: add allowHTTP option
completely block HTTP by default
This commit is contained in:
CanadaHonk
parent
d11ac0a944
commit
7f22aa55b0
11
gluon.d.ts
vendored
11
gluon.d.ts
vendored
@ -499,7 +499,16 @@ type OpenOptions = {
|
||||
forceBrowser?: Browser,
|
||||
|
||||
/** Force Gluon to use a specific browser engine instead of automatically finding a browser itself. */
|
||||
forceEngine?: BrowserEngine
|
||||
forceEngine?: BrowserEngine,
|
||||
|
||||
/**
|
||||
* Opt-in to allowing HTTP. Not recommended to use, always keep `false` where possible. Primarily to support custom localhost servers.
|
||||
* Options:
|
||||
* - `false`: HTTP is **completely disabled**. Recommended.
|
||||
* - `mixed`: HTTP is **enabled for mixed content**, but not as window URL. **Not recommended.**
|
||||
* - `true`: HTTP is **completely enabled**. **Not recommended.**
|
||||
*/
|
||||
allowHTTP?: false | 'mixed' | true
|
||||
};
|
||||
|
||||
/**
|
||||
|
||||
@ -7,12 +7,13 @@ const presets = { // Presets from OpenAsar
|
||||
'memory': '--in-process-gpu --js-flags="--lite-mode --optimize_for_size --wasm_opt --wasm_lazy_compilation --wasm_lazy_validation --always_compact" --renderer-process-limit=2 --enable-features=QuickIntensiveWakeUpThrottlingAfterLoading' // Less (?) memory usage
|
||||
};
|
||||
|
||||
export default async ({ browserPath, dataPath }, { url, windowSize }, extra) => {
|
||||
export default async ({ browserPath, dataPath }, { url, windowSize, allowHTTP }, extra) => {
|
||||
return await StartBrowser(browserPath, [
|
||||
`--app=${url}`,
|
||||
`--remote-debugging-pipe`,
|
||||
`--user-data-dir=${dataPath}`,
|
||||
windowSize ? `--window-size=${windowSize.join(',')}` : '',
|
||||
![true, 'mixed'].includes(allowHTTP) ? `--enable-strict-mixed-content-checking` : '--allow-running-insecure-content',
|
||||
...`--new-window --no-first-run --no-default-browser-check --disable-component-extensions-with-background-pages --disable-extensions --disable-default-apps --disable-breakpad --disable-crashpad --disable-background-networking --disable-domain-reliability --disable-component-update --disable-sync --disable-features=AutofillServerCommunication -in-process-gpu ${presets.perf}`.split(' ')
|
||||
], 'stdio', extra);
|
||||
};
|
||||
@ -4,7 +4,7 @@ import { join } from 'path';
|
||||
import StartBrowser from '../launcher/start.js';
|
||||
|
||||
|
||||
export default async ({ browserPath, dataPath }, { url, windowSize }, extra) => {
|
||||
export default async ({ browserPath, dataPath }, { url, windowSize, allowHTTP }, extra) => {
|
||||
await mkdir(dataPath, { recursive: true });
|
||||
await writeFile(join(dataPath, 'user.js'), `
|
||||
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
|
||||
@ -20,6 +20,11 @@ user_pref('fission.bfcacheInParent', false);
|
||||
user_pref('fission.webContentIsolationStrategy', 0);
|
||||
user_pref('ui.key.menuAccessKeyFocuses', false);
|
||||
${process.platform === 'darwin' ? `user_pref('browser.tabs.inTitlebar', 0);` : `` }
|
||||
|
||||
user_pref('security.mixed_content.block_active_content', ${![true, 'mixed'].includes(allowHTTP) ? 'true' : 'false'});
|
||||
user_pref('security.mixed_content.block_display_content', ${![true, 'mixed'].includes(allowHTTP) ? 'true' : 'false'});
|
||||
user_pref('security.mixed_content.block_object_subrequest', ${![true, 'mixed'].includes(allowHTTP) ? 'true' : 'false'});
|
||||
user_pref('security.mixed_content.upgrade_display_content', true);
|
||||
`);
|
||||
|
||||
// user_pref('privacy.resistFingerprinting', false);
|
||||
|
||||
13
src/index.js
13
src/index.js
@ -175,7 +175,7 @@ const getBrowserType = name => { // todo: not need this
|
||||
const portRange = [ 10000, 60000 ];
|
||||
const generatePort = () => (Math.floor(Math.random() * (portRange[1] - portRange[0] + 1)) + portRange[0]);
|
||||
|
||||
const startBrowser = async (url, { windowSize, forceBrowser, forceEngine }) => {
|
||||
const startBrowser = async (url, { allowHTTP, windowSize, forceBrowser, forceEngine }) => {
|
||||
const [ browserPath, browserName ] = await findBrowserPath(forceBrowser, forceEngine);
|
||||
const browserFriendlyName = getFriendlyName(browserName);
|
||||
|
||||
@ -199,7 +199,8 @@ const startBrowser = async (url, { windowSize, forceBrowser, forceEngine }) => {
|
||||
browserPath
|
||||
}, {
|
||||
url: openingLocal ? localUrl : url,
|
||||
windowSize
|
||||
windowSize,
|
||||
allowHTTP
|
||||
}, {
|
||||
browserName: browserFriendlyName,
|
||||
url: openingLocal ? basePath : url,
|
||||
@ -213,10 +214,14 @@ const startBrowser = async (url, { windowSize, forceBrowser, forceEngine }) => {
|
||||
return Window;
|
||||
};
|
||||
|
||||
export const open = async (url, { windowSize, onLoad, forceBrowser, forceEngine } = {}) => {
|
||||
export const open = async (url, opts = {}) => {
|
||||
const { onLoad, allowHTTP } = opts;
|
||||
|
||||
if (allowHTTP !== true && url.startsWith('http://')) throw new Error(`HTTP URLs are blocked by default. Please use HTTPS, or if not possible, enable the 'allowHTTP' option.`);
|
||||
|
||||
log('starting browser...');
|
||||
|
||||
const Browser = await startBrowser(url, { windowSize, forceBrowser, forceEngine });
|
||||
const Browser = await startBrowser(url, opts);
|
||||
|
||||
if (onLoad) {
|
||||
const toRun = `(() => {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user