Fix manifest-backed preload trust

2026-04-15 20:15:45 +01:00 · 2026-04-15 20:15:45 +01:00 · b5ae10cf90
commit b5ae10cf90
parent fc73d2bb71
3 changed files with 45 additions and 1 deletions
--- a/pkg/display/manifest.go
+++ b/pkg/display/manifest.go
@ -132,7 +132,13 @@ func discoverManifestPath(pageURL string) (string, error) {
 		}
 	default:
 		if parsed.Host != "" {
-			candidates = append(candidates, filepath.Join(core.Env("DIR_HOME"), ".core", "apps", parsed.Host, ".core", "view.yaml"))
+			home := strings.TrimSpace(os.Getenv("DIR_HOME"))
+			if home == "" {
+				home = strings.TrimSpace(core.Env("DIR_HOME"))
+			}
+			if home != "" {
+				candidates = append(candidates, filepath.Join(home, ".core", "apps", parsed.Host, ".core", "view.yaml"))
+			}
 		}
 	}
 	for _, candidate := range candidates {
--- a/pkg/display/preload.go
+++ b/pkg/display/preload.go
@ -31,6 +31,9 @@ func (s *Service) InjectPreload(webview PreloadTarget, origin string) error {
 // Use: script, _ := display.BuildPreloadScript("https://example.com")
 func (s *Service) BuildPreloadScript(pageURL string) (string, error) {
 	trustedOrigin := trustedPreloadOrigin(pageURL)
+	if !trustedOrigin && s.manifestBackedPreloadOrigin(pageURL) {
+		trustedOrigin = true
+	}
 	storageBootstrap := map[string]map[string]string{}
 	if s.storage != nil {
 		storageBootstrap = s.storage.Snapshot(pageURL)
@ -56,6 +59,11 @@ func (s *Service) BuildPreloadScript(pageURL string) (string, error) {
 	return strings.Join(parts, "\n"), nil
 }

+func (s *Service) manifestBackedPreloadOrigin(pageURL string) bool {
+	loaded, err := s.loadManifestForOrigin(pageURL)
+	return err == nil && loaded != nil
+}
+
 func trustedPreloadOrigin(pageURL string) bool {
 	trimmed := strings.TrimSpace(pageURL)
 	if trimmed == "" {
--- a/pkg/display/preload_test.go
+++ b/pkg/display/preload_test.go
@ -66,6 +66,36 @@ func TestDisplay_Good_WindowOpenTrustedOriginIncludesPrivilegedBridge(t *testing
 	assert.Contains(t, script, "globalThis.core.ml")
 }

+func TestDisplay_Good_WindowOpenManifestBackedOriginIncludesPrivilegedBridge(t *testing.T) {
+	home := t.TempDir()
+	require.NoError(t, os.MkdirAll(filepath.Join(home, ".core", "apps", "example.com", ".core"), 0o755))
+	require.NoError(t, os.WriteFile(filepath.Join(home, ".core", "apps", "example.com", ".core", "view.yaml"), []byte("name: example\n"), 0o644))
+	t.Setenv("DIR_HOME", home)
+
+	platform := window.NewMockPlatform()
+	c := core.New(
+		core.WithService(Register(nil)),
+		core.WithService(window.Register(platform)),
+		core.WithServiceLock(),
+	)
+	require.True(t, c.ServiceStartup(context.Background(), nil).OK)
+
+	result := c.Action("window.open").Run(context.Background(), core.NewOptions(
+		core.Option{Key: "task", Value: window.TaskOpenWindow{
+			Options: []window.WindowOption{
+				window.WithName("manifest-backed"),
+				window.WithURL("https://example.com/app"),
+			},
+		}},
+	))
+	require.True(t, result.OK)
+	require.Len(t, platform.Windows, 1)
+	script := platform.Windows[0].ExecJSCalls()[0]
+	assert.Contains(t, script, "globalThis.electron")
+	assert.Contains(t, script, "core.background.serviceWorker.register")
+	assert.Contains(t, script, "globalThis.core.ml")
+}
+
 func TestDisplay_Good_CoreSchemeRoutesThroughBackend(t *testing.T) {
 	platform := window.NewMockPlatform()
 	c := core.New(