window: rename allowRedirects to allowNavigation

gluon.d.ts

@@ -521,14 +521,14 @@ type OpenOptions = {
   allowHTTP?: false | 'mixed' | true,
 
   /**
-   * Set what redirects are allowed in the window.
+   * Set what top-level navigation is allowed in the window.
    * Options:
-   * - `false`: **No** redirects are allowed.
+   * - `false`: **No** navigation is allowed.
-   * - `same-origin`: Redirects are **allowed if the redirect URL is the same origin** (as the URL given to `open()`).
+   * - `same-origin`: Navigation is allowed **if the redirect URL is the same origin** (as the URL given to `open()`).
-   * - `true`: **All** redirects are allowed. **Not recommended.**
+   * - `true`: **All** navigation is allowed. **Not recommended.**
    * @default 'same-origin'
    */
-  allowRedirects?: false | 'same-origin' | true,
+  allowNavigation?: false | 'same-origin' | true,
 
   /**
    * Set the Content Security Policy when using Local (giving open() a path).

src/index.js

@@ -194,7 +194,7 @@ const defaultCSP = [ 'upgrade-insecure-requests' ].concat(
   [ 'connect-src', 'prefetch-src', 'font-src', 'img-src', 'media-src', 'style-src', 'form-action' ].map(x => `${x} ${csp_allowAll}`)
 ).join('; ');
 
-const startBrowser = async (url, { allowHTTP = false, allowRedirects = 'same-origin', windowSize, forceBrowser, forceEngine, localCSP = defaultCSP }) => {
+const startBrowser = async (url, { allowHTTP = false, allowNavigation = 'same-origin', windowSize, forceBrowser, forceEngine, localCSP = defaultCSP }) => {
   const [ browserPath, browserName ] = await findBrowserPath(forceBrowser, forceEngine);
   const browserFriendlyName = getFriendlyName(browserName);
 
@@ -229,16 +229,16 @@ const startBrowser = async (url, { allowHTTP = false, allowRedirects = 'same-ori
     closeHandlers,
     browserType,
     dataPath,
-    allowRedirects,
+    allowNavigation,
     localCSP
   });
 
   return Window;
 };
 
-const checkForDangerousOptions = ({ allowHTTP, allowRedirects }) => {
+const checkForDangerousOptions = ({ allowHTTP, allowNavigation }) => {
   if (allowHTTP === true) dangerousAPI('Gluon.open', 'allowHTTP', 'true');
-  if (allowRedirects === true) dangerousAPI('Gluon.open', 'allowRedirects', 'true');
+  if (allowNavigation === true) dangerousAPI('Gluon.open', 'allowNavigation', 'true');
 };
 
 export const open = async (url, opts = {}) => {

src/launcher/inject.js

@@ -27,7 +27,7 @@ const acquireTarget = async (CDP, filter = () => true) => {
   })).sessionId;
 };
 
-export default async (CDP, proc, injectionType = 'browser', { dataPath, browserName, browserType, openingLocal, url, basePath, allowRedirects, localCSP, closeHandlers }) => {
+export default async (CDP, proc, injectionType = 'browser', { dataPath, browserName, browserType, openingLocal, url, basePath, allowNavigation, localCSP, closeHandlers }) => {
   let pageLoadCallback, pageLoadPromise = new Promise(res => pageLoadCallback = res);
   let frameLoadCallback = () => {}, onWindowMessage = () => {};
   CDP.onMessage(async msg => {
@@ -42,9 +42,10 @@ export default async (CDP, proc, injectionType = 'browser', { dataPath, browserN
 
     if (msg.method === 'Page.frameScheduledNavigation' || msg.method === 'Page.frameNavigated') {
       let newUrl = msg.params?.frame?.url ?? msg.params?.url;
-      if (allowRedirects === true) return; // always allow redirects
+
-      if (allowRedirects === 'same-origin' && new URL(newUrl).origin === new URL(url).origin) return; // only allow if same origin
+      if (allowNavigation === true) return; // always allow redirects
-      if (allowRedirects === false && newUrl === url) return; // only allow if identical open() url
+      if (allowNavigation === 'same-origin' && new URL(newUrl).origin === new URL(url).origin) return; // only allow if same origin
+      if (allowNavigation === false && newUrl === url) return; // only allow if identical open() url
       if (newUrl === 'about:blank') return; // allow blank urls
 
       CDP.sendMessage('Page.stopLoading', {}, sessionId);