diff --git a/main.js b/main.js index 51a12c2..8f62429 100644 --- a/main.js +++ b/main.js @@ -12,6 +12,17 @@ const perfMonitor = new PerformanceMonitor(); const gpuFallback = new GPUFallback(); const gpuConfig = new GPUConfig(); +// Try to enable WebAuthn/platform authenticator features early. +// This helps Chromium expose platform authenticators (Touch ID / built-in) where supported. +try { + app.commandLine.appendSwitch('enable-experimental-web-platform-features'); + // Add common WebAuthn-related feature flags. These are safe attempts to enable platform + // authenticators and related WebAuthn plumbing in embedded Chromium builds. + app.commandLine.appendSwitch('enable-features', 'WebAuthn,WebAuthnNestedAssertions,WebAuthnCable'); +} catch (e) { + // Non-fatal: some environments may not allow commandLine changes at this time. +} + // Configure GPU settings before app is ready gpuConfig.configure(); @@ -208,6 +219,28 @@ function createWindow(startUrl) { // Start performance monitoring after initial load perfMonitor.start(); }, 300); + // Diagnostic: check WebAuthn / platform authenticator availability in renderer + try { + win.webContents.executeJavaScript(`(async function(){ + const out = { hasNavigator: !!window.navigator, hasCredentials: !!navigator.credentials, hasCreate: !!(navigator.credentials && navigator.credentials.create), hasGet: !!(navigator.credentials && navigator.credentials.get) }; + try { + if (window.PublicKeyCredential) { + out.PublicKeyCredential = true; + out.isUserVerifyingPlatformAuthenticatorAvailable = typeof PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable === 'function' ? await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable() : 'unknown'; + } else { + out.PublicKeyCredential = false; + } + } catch (e) { out.webauthnError = String(e); } + return out; + })()`) + .then(result => { + console.log('[WebAuthn Diagnostic] renderer report:', result); + }).catch(err => { + console.error('[WebAuthn Diagnostic] executeJavaScript failed:', err); + }); + } catch (e) { + console.warn('WebAuthn diagnostic injection skipped:', e); + } }); // Renderer manages history; no main-process recording here diff --git a/package-lock.json b/package-lock.json index a727434..7ec692a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "ISC", "devDependencies": { - "electron": "^37.2.4", + "electron": "^37.3.1", "electron-builder": "^23.0.0", "electron-nightly": "^39.0.0-nightly.20250811" } @@ -1387,9 +1387,9 @@ } }, "node_modules/electron": { - "version": "37.2.4", - "resolved": "https://registry.npmjs.org/electron/-/electron-37.2.4.tgz", - "integrity": "sha512-F1WDDvY60TpFwGyW+evNB5q0Em8PamcDTVIKB2NaiaKEbNC2Fabn8Wyxy5g+Anirr1K40eKGjfSJhWEUbI1TOw==", + "version": "37.3.1", + "resolved": "https://registry.npmjs.org/electron/-/electron-37.3.1.tgz", + "integrity": "sha512-7DhktRLqhe6OJh/Bo75bTI0puUYEmIwSzMinocgO63mx3MVjtIn2tYMzLmAleNIlud2htkjpsMG2zT4PiTCloA==", "dev": true, "hasInstallScript": true, "license": "MIT", diff --git a/package.json b/package.json index cf55a64..48f0460 100644 --- a/package.json +++ b/package.json @@ -5,14 +5,16 @@ "main": "main.js", "scripts": { "start": "electron .", - "dist": "electron-builder" + "dist": "electron-builder", + "run": "electron ." + }, "keywords": [], "author": "", "license": "ISC", "description": "", "devDependencies": { - "electron": "^37.2.4", + "electron": "^37.3.1", "electron-builder": "^23.0.0", "electron-nightly": "^39.0.0-nightly.20250811" }, diff --git a/renderer/style.css b/renderer/style.css index 95a6299..9ce90b4 100644 --- a/renderer/style.css +++ b/renderer/style.css @@ -38,6 +38,9 @@ html, body { gap: 12px; /* flatter header to reduce paint cost */ box-shadow: none; + /* Ensure the nav sits above embedded surfaces */ + position: relative; + z-index: 10000; } /* Make the top nav a draggable region on macOS when we use a hidden titlebar. @@ -125,6 +128,8 @@ html, body { /* MENU DROPDOWN */ .menu-wrapper { position: relative; + /* keep wrapper on a higher layer so absolute popup can composit above webviews */ + z-index: 10001; } #menu-popup { @@ -138,7 +143,11 @@ html, body { flex-direction: column; min-width: 200px; /* wider dropdown */ box-shadow: 0 2px 6px rgba(0,0,0,0.4); - z-index: 100; + /* Much higher z-index and force its own compositing layer so it renders above guests */ + z-index: 20000; + -webkit-transform: translateZ(0); + transform: translateZ(0); + will-change: transform, opacity; } #menu-popup button { @@ -168,6 +177,8 @@ html, body { display: flex; width: 100%; position: relative; + /* make sure webviews render on a separate base layer behind nav */ + z-index: 0; } #webviews.hidden { display: none; @@ -194,6 +205,7 @@ html, body { display: none; width: 100%; position: relative; + z-index: 0; } #home-container.active { @@ -206,6 +218,8 @@ html, body { border: none; display: none; flex: 1; + position: relative; + z-index: 0; } /* Show home webview when container is active */ #home-container.active > #home-webview { diff --git a/site-history.json b/site-history.json index 4887cdb..ec79514 100644 --- a/site-history.json +++ b/site-history.json @@ -1,4 +1,13 @@ [ + "https://github.com/sessions/two-factor/webauthn", + "https://github.com/sessions/social/google/confirm", + "https://github.com/sessions/social/google/initiate?return_to=", + "https://github.com/login", + "https://github.com/", + "https://accounts.google.com/signin/oauth/id?authuser=0&part=AJi8hANsZCAVV0qiARVlRDOPJq2iA0sKnOjsfyAyfsCCaFtz40396topRrJ_kribwlDRt09x0FsnCgAoNsMpF86iespql6pWiRKquVqWzDTLpYPf4k00TTQHc2oeVDKs3TjJnW1YhfSCs33GbadOh3esuALJOiO9qF70vsfqS2w71DZr_1Xiqpe_rIQbT2SBpKpEfbg-PuWvP9MPROGy3S_VwjjDe9g3Z0cq_HJQmwgd-Q-eMGi4zdn-213XolV7mY2DpFkGVKKrS-VC6sF1oPg7gvV3DCGwtfmcGtBO--U72WgSk9RLr-qK2nxoVIGbe2YGKC6ms1jc0yCTns8-ZkuxLvCEFdEN6Dfb3xh3Ql1jWM7rhT-4i4eJt371JUPUP55VjQ5hjRifUcxnRlmIa0lv8eW0ITYc1w41fTUL2KvHz-klfLp7EtPbPZAv-se4IoEP8vTe-vnBAdUQOcZaxG1Q_FotZLmIMrZpnqW-9xIKnhH5yrUKhpCKciz8bcQToc0IrwNPs5ss7hFfrFs8xIz2iLDIWIVZcvC-W0glyk_v2Fznr0wAQI7aXWqtr5WG95gpNxKEwhV6czCHc0PKy1kfqqW_rUlnkaB45Nn46AcXEtMmphjh2FV39XkrPnc9_66Zgnks8XqyPT-g2RqtPtszboV4FdFHXy0HE04vN0FXDJwCpYBMOXhcn4l_SjqXbLmXQedjXpJRe5C0ClJxnwvltQ1YN5Qymgxs5Ms6gYUAqrenL7T_KHqUSM4uuNrqQszAb6PAf_SmIXEx829UYUA_gXxWOA3wdyCU0DUyoeGXBrjiiK97ICJ2fwch0McBpfFeMCkOBrF6jCEciRXYVUjH0EBD5TlWIw&flowName=GeneralOAuthFlow&as=S2063921138%3A1756253045404292&client_id=1078992815106-brpsupgvhheqg35tupphbh0qk9c32nq8.apps.googleusercontent.com&rapt=AEjHL4OVSpGthcXIZ7SFjXPErM4eV4qOo1ja7xGGlJqxtPaUwD68ZqZenb5RWZfR83Kucg-u4loriooc5Dj69kjLrPMI6dc_1w#", + "https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=1078992815106-brpsupgvhheqg35tupphbh0qk9c32nq8.apps.googleusercontent.com&response_type=code&redirect_uri=https%3A%2F%2Fgithub.com%2Fsessions%2Fsocial%2Fgoogle%2Fcallback&scope=openid%20email%20profile&state=cab0565714cb155c7fcf8972e3897cac&nonce=342bbf0571704ddc5883dcd11e356dc7&code_challenge=n9iUWC-AoLe6HzVPYfPx1FJDxd7ykmUEvBtUdvgBLK4&code_challenge_method=S256&service=lso&o2v=2&flowName=GeneralOAuthFlow", + "https://accounts.google.com/o/oauth2/v2/auth?client_id=1078992815106-brpsupgvhheqg35tupphbh0qk9c32nq8.apps.googleusercontent.com&response_type=code&redirect_uri=https%3A%2F%2Fgithub.com%2Fsessions%2Fsocial%2Fgoogle%2Fcallback&scope=openid%20email%20profile&state=cab0565714cb155c7fcf8972e3897cac&nonce=342bbf0571704ddc5883dcd11e356dc7&code_challenge=n9iUWC-AoLe6HzVPYfPx1FJDxd7ykmUEvBtUdvgBLK4&code_challenge_method=S256&service=lso&o2v=2", + "https://accounts.google.com/o/oauth2/v2/auth?client_id=1078992815106-brpsupgvhheqg35tupphbh0qk9c32nq8.apps.googleusercontent.com&response_type=code&redirect_uri=https%3A%2F%2Fgithub.com%2Fsessions%2Fsocial%2Fgoogle%2Fcallback&scope=openid+email+profile&state=cab0565714cb155c7fcf8972e3897cac&nonce=342bbf0571704ddc5883dcd11e356dc7&code_challenge=n9iUWC-AoLe6HzVPYfPx1FJDxd7ykmUEvBtUdvgBLK4&code_challenge_method=S256", "https://www.google.com/search?sca_esv=8740a35e22b44344&q=google&source=lnms&fbs=AIIjpHzThbnmQ2WmOKxM311CRlKFRYIYkDZQGNzKWZOtgUvrU8IkX2D8ZljVyZBwLc67VO5Vh9BmSq-tJTelkfgGaeLOhsWoMcpPaMobUKT2lDeoy4baWd3FunAQvdgUkx-O2UqTNd3rElthg_q_RDuOd63_-9VEOzcZa8DOthTdfufpgCAS8atIRQu6ndbQbff19E3EbkrdgATyQCGbkaHPxI6YLnT-EcRkSXiWTOApoudKAVtFgl4&sa=X&ved=2ahUKEwiP8MW4nIyPAxXwr1YBHfDEE0wQ0pQJegQICRAB&biw=2544&bih=1251&dpr=1.5", "https://www.google.com/search?sca_esv=8740a35e22b44344&udm=2&fbs=AIIjpHxU7SXXniUZfeShr2fp4giZ1Y6MJ25_tmWITc7uy4KIeuYzzFkfneXafNx6OMdA4MQRJc_t_TQjwHYrzlkIauOKj9nSuujpEIbB1x32lFLEvBmmX-p1UI3WlSFH86-EF1CpFR0tZjCgi5bM20K3xHOK3droXh0yMXraJ5han3x4rkl9Co5S6JKPNx1fHkXHoy-qehbRF1XGgIa6fKwyF5LNOJ-3xQ&q=google&sa=X&ved=2ahUKEwij2L2QnIyPAxVjsVYBHf8oASsQtKgLegQIHhAB&cshid=1755240501153677&biw=2544&bih=1251&dpr=1.5", "https://www.google.com/search?q=google#cobssid=s",