-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable context isolation and disable nodejs support. Fixes #2018 #12299
Enable context isolation and disable nodejs support. Fixes #2018 #12299
Conversation
I'm opening a draft PR because I'll be working on updating to a newer electron version, as well. I'd be interested in feedback and testing, though. |
0fab8d5
to
4d6e063
Compare
9004ac5
to
8cfb331
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quick first review pass. Note that the CI doesn't look happy.
The license check shows npm/npmjs/@babel/plugin-transform-async-to-generator/7.20.7 to be "under review", but if you looka the issue, it's approved. What gives? https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/6230 |
One of the linter issues is this:
But that's not even part of this PR. What gives? |
8cfb331
to
c9f5860
Compare
@tsmaeder I don't believe these are errors, only The other entries were added to our baseline at the time but can likely be cleaned up as they are approved: theia/dependency-check-baseline.json Lines 1 to 14 in f8654ec
Please also note that bumping |
@vince-fugnitto thanks for chiming in. Is there any documentation on what a "baseline" is and how to resolve issues with this check? |
I think the component failing the IP check is the new version of Electron:
Indeed, in part because Electron bundles @vince-fugnitto can you point-out a past example of such |
Here is a past "IP Due Diligence Check" (CQ) for Here is an example of using the new GitLab repo to submit a CQ: https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/5022. |
There is no documentation afaik that details the processes but we can look towards updating https://github.com/eclipse-theia/theia/wiki/Registering-CQs. The |
FYI: I got the |
@tsmaeder do you need assistance with the CQ, or would like me to handle it? |
@vince-fugnitto thanks for the help. While I would like to get this PR merged, the most important outcome for me is is that we clarify and document the process. The documentation we have is woefully out of date. There's also the fact that I can make the PR check pass by fiddling with clearlydefined. And yet, we still seem to need a CQ? Is our PR check wrong? Do you have additional info that says we still need a CQ? |
It is required due to Electron distributing The foundation has requested in the past that we submit requests to be able to use Electron in the project. |
@paul-marechal you mentioned you would prefer using dependency injection for some of the API. Could you sketch what would do differently? |
Instead of creating hardcoded APIs and exposing them all in the global scope, we'd do like any other entry point and load various Inversify container modules. Doing this in the preload context was easy, but then it gets tricky when trying to expose the things bound there to the browser window. Ultimately the idea is to go from referring to preload services as This means that downstream app makers will be able to override services/apis/etc just like everywhere else. With this PR in its current state it's not possible to change much. |
@paul-marechal that's sounds interesting, but it's not really in scope for this PR, IMO. It sounds like a complete rewrite of the code. I would much rather focus on getting this one merged and to proceed from there. |
In German, there is a saying: "the better is the enemy of the good" ;-) |
c9f5860
to
bcb49ab
Compare
What it does
All access to electron API is now done through an API exposed via a preload script. Access to the electron API (including electron-remote) and nodejs API is no longer possible.
Theia extensions can contribute to the preload script via a
theiaExtensions
module declaration in their package.jsonFixes #2018
Contributed on behalf or STMicroelectronics
How to test
Run the electron version of Theia and make sure nothing is broken. Particular areas of interest is anything to do with menus and windows, for example "zoom in/out", "maximize", etc.
CQ
Review checklist
Reminder for reviewers