The portal helper is rather sensitive because potentially-hostile Wi-Fi
networks can decide to launch it whenever they want (by blocking the
user's connection to the nmcheck domain) and load whatever web content
they want into it. So having this unsandboxed is really extraordinarily
risky. Previously it was a risk we had to accept, because WebKit did not
have a web process sandbox, but now it does. So let's bubblewrap all the
things!
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/983
Since ES5, trailing commas in arrays and object literals are valid.
We generally haven't used them so far, but they are actually a good
idea, as they make additions and removals in diffs much cleaner.
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
ES6 allows to omit property names where they match the name of the
assigned variable, which makes code less redunant and thus cleaner.
We will soon enforce that in our eslint rules, so make sure we use
the shorthand wherever possible.
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/805
xgettext got better at recognizing template strings, so we can
replace more string concatenations. Alas xgettext is still buggy
(surprise, regular expressions are hard), so there are still a
handful of holdouts that prevent us from making a complete switch.
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/792
Those unused arguments aren't bugs - unbeknownst to eslint, they all
correspond to valid signal parameters - but they don't contribute
anything to clarity, so just remove them anyway.
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/627
Braces are optional for single-line arrow functions, but there's a
subtle difference:
Without braces, the expression is implicitly used as return value; with
braces, the function returns nothing unless there's an explicit return.
We currently reflect that in our style by only omitting braces when the
function is expected to have a return value, but that's not very obvious,
not an important differentiation to make, and not easy to express in an
automatic rule.
So just omit braces consistently as mandated by gjs' coding style.
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/608
When not using arrow notation with anonymous functions, we use Lang.bind()
to bind `this` to named callbacks. However since ES5, this functionality
is already provided by Function.prototype.bind() - in fact, Lang.bind()
itself uses it when no extra arguments are specified. Just use the built-in
function directly where possible, and use arrow notation in the few places
where we pass additional arguments.
https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/23
Any symbols (including class properties) that should be visible
outside the module it's defined in need to be defined as global.
For now gjs still allows the access for 'const', but get rid of
the warnings spill now by changing it.
https://bugzilla.gnome.org/show_bug.cgi?id=785084
Gjs-Message: JS WARNING: [resource:///org/gnome/shell/portalHelper/main.js 360]: reference to undefined property top.uri
is caused by the URI variable actually being called "url".
https://bugzilla.gnome.org/show_bug.cgi?id=783286
When using an SSH tunnel (through a SOCKS proxy) to funnel all
the outgoing traffic, we need the captive portal to not go through that
proxy, otherwise we can't go through the proxy because we're not
connected to the Internet and we can't go through the portal because
we're not connected through the proxy.
This fixes a blank captive portal window and no error reporting in that
particular configuration.
https://bugzilla.gnome.org/show_bug.cgi?id=769692
Instead of using directories that we'll destroy when done, use the new
"ephemeral" data manager feature, through the JavaScript version of:
webkit_web_context_new_ephemeral()
We also throw an error on startup, in the logs, if WebKitGTK is too old.
https://bugzilla.gnome.org/show_bug.cgi?id=780453
This adds a security icon (either secure or insecure) to the portal
helper's title bar. As soon as a part or all of the page and its content
is served insecurely, the icon shown will be a broken padlock.
https://bugzilla.gnome.org/show_bug.cgi?id=749197
The title of the window should not be in control of a potentially
hostile hotspot provider, so only set the subtitle to be that of the
page, the main title will stay the same.
The subtitle will also be set to a URI, so that the hotspot cannot be
used to control the title shown in our UI.
Helps https://bugzilla.gnome.org/show_bug.cgi?id=749197
Even though the window is maximised when created, the window is still
resizable. This avoids making the window smaller than usable. If the
screen is smaller than the minimum window size, the maximise should make
it fullscreen and non-resizable.
https://bugzilla.gnome.org/show_bug.cgi?id=735233
Users are currently experiencing intermittent (and hard to debug) TLS
errors when loading the portal authentication page. This could be
caused by using http://www.gnome.org/ for our connectivity checks
because it redirects to HTTPS.
We can completely remove TLS from the equation by not using HTTPS.
http://nmcheck.gnome.org/ is a good choice because it doesn't redirect
to HTTPS and was created for NetworkManager's connectivity check.
https://bugzilla.gnome.org/show_bug.cgi?id=769940
We assumed that either a portal would give us a target URI, or we
would eventually reach the URI of our choice (which is http://www.gnome.org)
This is not always the case: even after a successful login we may
stay in a confirmation page, so make sure that every time we see a
redirect we trigger a connectivity check (or queue one for when
the user closes the window)
https://bugzilla.gnome.org/show_bug.cgi?id=733848
Add a small DBus-activated GtkApplication that embeds a WebKitWebView
and implements some minimal logic to see if the login succeeds.
It will try to connect to a custom NM-provided url (the portal login
page), if one exists, or to www.gnome.org in the normal case of
a portal doing redirect.
https://bugzilla.gnome.org/show_bug.cgi?id=704416