fix(ui): gate desktop privileges by host and window context (#347)

Don't let remote server windows use local features like local file browser etc
2026-04-20 20:28:11 +01:00
parent 016c7bda4a
commit 3b411e2e73
17 changed files with 247 additions and 133 deletions
--- a/packages/electron-app/electron/main/main.ts
+++ b/packages/electron-app/electron/main/main.ts
@@ -277,6 +277,7 @@ function createWindow() {
      contextIsolation: true,
      nodeIntegration: false,
      spellcheck: !isMac,
+      additionalArguments: ["--codenomad-window-context=local"],
    },
  })

@@ -440,6 +441,7 @@ async function openRemoteWindow(payload: { id: string; name: string; baseUrl: st
      contextIsolation: true,
      nodeIntegration: false,
      spellcheck: !isMac,
+      additionalArguments: ["--codenomad-window-context=remote"],
    },
  })

--- a/packages/electron-app/electron/preload/index.cjs
+++ b/packages/electron-app/electron/preload/index.cjs
@@ -1,6 +1,19 @@
 const { contextBridge, ipcRenderer, webUtils } = require("electron")

-const electronAPI = {
+function resolveWindowContext() {
+  const prefix = "--codenomad-window-context="
+  const arg = process.argv.find((value) => typeof value === "string" && value.startsWith(prefix))
+  const context = arg ? arg.slice(prefix.length) : "local"
+  return context === "remote" ? "remote" : "local"
+}
+
+function resolveRuntimeHost(windowContext) {
+  return "electron"
+}
+
+const windowContext = resolveWindowContext()
+
+const localElectronAPI = {
  onCliStatus: (callback) => {
    ipcRenderer.on("cli:status", (_, data) => callback(data))
    return () => ipcRenderer.removeAllListeners("cli:status")
@@ -26,4 +39,15 @@ const electronAPI = {
  openRemoteWindow: (payload) => ipcRenderer.invoke("remote:openWindow", payload),
 }

-contextBridge.exposeInMainWorld("electronAPI", electronAPI)
+const remoteElectronAPI = {
+  requestMicrophoneAccess: localElectronAPI.requestMicrophoneAccess,
+  setWakeLock: localElectronAPI.setWakeLock,
+  showNotification: localElectronAPI.showNotification,
+}
+
+contextBridge.exposeInMainWorld(
+  "electronAPI",
+  windowContext === "local" ? localElectronAPI : remoteElectronAPI,
+)
+contextBridge.exposeInMainWorld("__CODENOMAD_WINDOW_CONTEXT__", windowContext)
+contextBridge.exposeInMainWorld("__CODENOMAD_RUNTIME_HOST__", resolveRuntimeHost(windowContext))