Skip to content

fix(desktop): grant clipboard permissions in preview browser#3739

Open
nsxdavid wants to merge 3 commits into
pingdotgg:mainfrom
nsxdavid:fix/preview-clipboard-permissions
Open

fix(desktop): grant clipboard permissions in preview browser#3739
nsxdavid wants to merge 3 commits into
pingdotgg:mainfrom
nsxdavid:fix/preview-clipboard-permissions

Conversation

@nsxdavid

@nsxdavid nsxdavid commented Jul 6, 2026

Copy link
Copy Markdown

Fixes #3738

What Changed

  • Added "clipboard-sanitized-write" to the preview browser session's permission request allowlist (apps/desktop/src/preview/BrowserSession.ts)
  • Installed a permission check handler on the same session; Electron consults this synchronous handler for clipboard APIs and none existed
  • Both handlers share one hoisted allowlist constant, with the legacy "clipboard-write" name included only where the request handler can receive it
  • Unit test covering both handlers (clipboard permissions granted, unrelated permissions denied), plus the missing mock method in the existing test setup

Why

The preview browser's permission handler allows "clipboard-write", but the permission Chromium actually requests for navigator.clipboard.writeText() is "clipboard-sanitized-write". The grant never matches, and since Electron shows no permission prompts, every clipboard write from a previewed page is silently denied. Copy buttons in previewed apps fail with:

Cannot read properties of undefined (reading 'writeText')  (http pages)
NotAllowedError                                             (https pages)

The same pages work in Chrome, which prompts the user and remembers the grant.

Validation

  • Reproduced against a Vite dev app in the preview browser: copy button failed before the change, works after
  • Verified in a local Windows build (0.0.28) of the desktop app
  • vp test apps/desktop/src/preview/BrowserSession.test.ts passes (6 tests)
  • vp run typecheck clean for @t3tools/desktop

Checklist

  • This PR is small and focused (+55/-2, one concern)
  • I explained what changed and why
  • No UI change; behavior fix only

Note

Low Risk
Scoped to desktop preview session permission handlers; no auth or data-path changes, with unit test coverage for grant/deny behavior.

Overview
Fixes preview pages where navigator.clipboard.writeText() was denied because Chromium requests clipboard-sanitized-write, while the preview Electron session only allowed the legacy clipboard-write name on the async request handler.

BrowserSession now centralizes permission allowlists and registers both setPermissionRequestHandler (includes legacy clipboard-write) and a new setPermissionCheckHandler (the sync path Electron uses for clipboard APIs), granting clipboard-read, clipboard-sanitized-write, plus existing notifications / geolocation, while denying unrelated permissions. Tests assert both handlers grant clipboard permissions and reject others.

Reviewed by Cursor Bugbot for commit 3063928. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Grant clipboard permissions in the preview browser session

  • Adds PERMISSION_REQUEST_ALLOWLIST and PERMISSION_CHECK_ALLOWLIST constants in BrowserSession.ts to centralize permission decisions.
  • Installs a setPermissionCheckHandler on sessions created via BrowserSession.make, allowing clipboard-read, clipboard-sanitized-write, notifications, and geolocation.
  • Legacy clipboard-write is allowed on permission requests but not on permission checks; all other permissions (e.g. midi) are denied in both handlers.

Macroscope summarized 3063928.

nsxdavid added 3 commits July 6, 2026 03:02
The preview browser session allowed "clipboard-write", but the
Chromium permission actually requested by navigator.clipboard.writeText
is "clipboard-sanitized-write", so clipboard writes from previewed
pages were silently denied. Electron also consults the synchronous
permission check handler for clipboard APIs, and none was installed.

Add "clipboard-sanitized-write" to the request allowlist and install a
matching permission check handler.
Add setPermissionCheckHandler to the mocked Electron session so
getSession paths keep working, and assert both permission handlers
grant clipboard access and deny unrelated permissions.
…tants

Share one base allowlist between the request and check handlers, with
the legacy "clipboard-write" name added only where the request handler
can receive it, so the intentional difference between the two lists is
explicit. Set lookup also avoids rebuilding an array on every
permission check, which Chromium invokes synchronously.
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6cc144ed-c14a-4497-b0a9-c31837ecb802

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added size:S 10-29 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list. labels Jul 6, 2026
@macroscopeapp

macroscopeapp Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Approvability

Verdict: Needs human review

This change modifies permission handling for the preview browser, granting clipboard permissions to previewed content. Permission-related changes are security-adjacent and warrant human review, especially from someone familiar with the preview browser security model.

You can customize Macroscope's approvability policy. Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:S 10-29 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug]: Preview browser silently denies clipboard writes

1 participant