From f5035ee0a74d2db3fd21ae86c3d521661ce7ded1 Mon Sep 17 00:00:00 2001 From: abose Date: Thu, 5 Feb 2026 14:53:41 +0530 Subject: [PATCH] fix: trust ring in electron app was not getting shut down properly --- docs/appNotifications/readme.md | 4 ++-- src-electron/main-cred-ipc.js | 12 ++++++++++-- src-electron/main-window-ipc.js | 10 +++++++++- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/docs/appNotifications/readme.md b/docs/appNotifications/readme.md index 7d22285..041d344 100644 --- a/docs/appNotifications/readme.md +++ b/docs/appNotifications/readme.md @@ -50,5 +50,5 @@ A sample json is as follows: 5. `PLATFORM`: A comma seperated list(no spaces) of all platforms in which the message will be shown. allowed values are: `mac,win,linux,allDesktop,firefox,chrome,safari,allBrowser,all` 6. `USER_TYPE`: An array of all user types in which the message will be shown. - allowed values are: [`all`, `notLoggedIn`, `loggedIn`, `trial`, `paidSubscriber`]. This filter is only available - in versions > 5, else it is ignored in older versions. combine with `FOR_VERSIONS` to filter based on user type. + allowed values are: [`all`, `notLoggedIn`, `loggedIn`, `trial`, `paidSubscriber`, `notPaidsubscriber`]. This filter + is only available in versions > 5, else it is ignored in older versions. combine with `FOR_VERSIONS` to filter based on user type. diff --git a/src-electron/main-cred-ipc.js b/src-electron/main-cred-ipc.js index f05ebca..d5e04a0 100644 --- a/src-electron/main-cred-ipc.js +++ b/src-electron/main-cred-ipc.js @@ -17,7 +17,7 @@ try { const PHOENIX_CRED_PREFIX = 'phcode_electron_'; function registerCredIpcHandlers() { - // Trust window AES key - can only be called once per window + // Trust window AES key - can only be called once per page load ipcMain.handle('trust-window-aes-key', (event, key, iv) => { assertTrusted(event); const webContentsId = event.sender.id; @@ -140,4 +140,12 @@ function cleanupWindowTrust(webContentsId, windowLabel) { } } -module.exports = { registerCredIpcHandlers, cleanupWindowTrust }; +// Clear trust on navigation (page reload) - allows fresh trust to be established after reload +function clearTrustOnNavigation(webContentsId, windowLabel) { + if (windowTrustMap.has(webContentsId)) { + windowTrustMap.delete(webContentsId); + console.log(`AES trust cleared for navigation in window: ${windowLabel} (webContentsId: ${webContentsId})`); + } +} + +module.exports = { registerCredIpcHandlers, cleanupWindowTrust, clearTrustOnNavigation }; diff --git a/src-electron/main-window-ipc.js b/src-electron/main-window-ipc.js index f244ccf..0a94f49 100644 --- a/src-electron/main-window-ipc.js +++ b/src-electron/main-window-ipc.js @@ -1,7 +1,7 @@ const { ipcMain, BrowserWindow, shell, clipboard } = require('electron'); const path = require('path'); const { spawn } = require('child_process'); -const { cleanupWindowTrust } = require('./main-cred-ipc'); +const { cleanupWindowTrust, clearTrustOnNavigation } = require('./main-cred-ipc'); const { isTrustedOrigin, updateTrustStatus, cleanupTrust, assertTrusted } = require('./ipc-security'); const { DEFAULTS, trackWindowState } = require('./window-state'); @@ -39,6 +39,14 @@ function registerWindow(win, label) { // Initial trust evaluation updateTrustStatus(webContents); + // Clear AES trust before navigation starts (page reload/navigate) + // This allows the new page to establish fresh trust with its own keys + webContents.on('did-start-navigation', (event, url, isInPlace, isMainFrame) => { + if (isMainFrame) { + clearTrustOnNavigation(webContentsId, label); + } + }); + // Re-evaluate trust on navigation webContents.on('did-navigate', () => { updateTrustStatus(webContents);