experiments in a post-browser web
10
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix(ios): declare ITSAppUsesNonExemptEncryption=false for both targets

Adds the export-compliance key to project.yml (xcodegen source) and the
two generated Info.plists (Peek + peek-save_iOS share extension). Without
this, every TestFlight upload requires manually filling out the
export-compliance questionnaire in App Store Connect; with it, builds
clear that gate automatically.

We only use OS-provided HTTPS/keychain crypto, so the "exempt" declaration
is correct.

+16 -36
+10 -36
--
··· 1 - fix(chrome-ext): unbreak Proton Pass chrome.permissions / browser.permissions in popup 2 - 3 - The popup showed "Permission denied for site access" even after the user 4 - clicked grant. Two compounding causes: 1 + fix(tags): canonical URL lookup so page-widget tags attach to existing items 5 2 6 - 1. The renderer-side permissions polyfill ran on `dom-ready`, after Proton's 7 - bundled webextension-polyfill had already replaced `globalThis.chrome` with 8 - a Proxy whose `get` trap filters out 'permissions'. Defining 9 - `chrome.permissions` on that Proxy's target made the property visible to 10 - `getOwnPropertyDescriptor` but not to plain reads — and worse, with 11 - `configurable:false` on a property the trap couldn't return triggered the 12 - "non-configurable data property must return target's value" Proxy invariant 13 - error during popup load. 14 - 15 - 2. The verification log line dereferenced `chrome.permissions.request` after 16 - the install, which threw inside the IIFE and skipped the `browser.permissions` 17 - install entirely. 18 - 19 - Fix: 20 - 21 - - Switch the preload install to `configurable:true, writable:true` so 22 - downstream Proxy wraps don't violate the get-trap invariant. Wrap the 23 - verification log so a Proxy hiding `permissions` doesn't abort the IIFE. 24 - - Add an early-install path via `scripts/patch-chrome-extensions.js`: write a 25 - `peek-permissions.js` file into the extension dir and inject a 26 - `<script src=...>` tag at the top of each HTML entry (popup, settings, 27 - onboarding, internal, notification, dropdown). MV3 CSP blocks inline 28 - scripts, but `script-src 'self'` allows the external file. The shim 29 - patches `chrome.permissions` and then locks `globalThis.chrome` with 30 - `writable:false, configurable:false` so webextension-polyfill can't 31 - swap the binding for a Proxy that hides our shim. 32 - - Drop the now-dead inline polyfills.js shim (chrome was undefined at that 33 - script's first byte, so the prepend never reached its install code). 3 + Manually adding a tag via the page-host widget could silently fail when the 4 + URL had not been canonicalized identically to the stored item — query-param 5 + order, default ports, trailing slashes — leaving currentItemId null and 6 + returning early. 34 7 35 - Adds `tests/desktop/proton-pass-permissions.spec.ts` asserting that after 36 - popup load, `chrome.permissions` and `browser.permissions` both === the shim, 37 - no page errors fire, and `request`/`contains` resolve to `true` for proton.me 38 - origins. 8 + Introduce findUrlItem(url) in the datastore which normalizes via the same 9 + canonical form used by addItem('url', ...), expose it through the tile IPC 10 + surface (tile:datastore:find-url-item), and route the tags background helper 11 + through it. addTagToPage now resolves an existing item or creates one on 12 + demand instead of bailing on null id.
+2
backend/tauri-mobile/src-tauri/gen/apple/Peek/Info.plist
··· 2 2 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 3 3 <plist version="1.0"> 4 4 <dict> 5 + <key>ITSAppUsesNonExemptEncryption</key> 6 + <false/> 5 7 <key>CFBundleDevelopmentRegion</key> 6 8 <string>$(DEVELOPMENT_LANGUAGE)</string> 7 9 <key>CFBundleDisplayName</key>
+2
backend/tauri-mobile/src-tauri/gen/apple/peek-save_iOS/Info.plist
··· 2 2 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 3 3 <plist version="1.0"> 4 4 <dict> 5 + <key>ITSAppUsesNonExemptEncryption</key> 6 + <false/> 5 7 <key>CFBundleDevelopmentRegion</key> 6 8 <string>$(DEVELOPMENT_LANGUAGE)</string> 7 9 <key>CFBundleExecutable</key>
+2
backend/tauri-mobile/src-tauri/gen/apple/project.yml
··· 43 43 info: 44 44 path: peek-save_iOS/Info.plist 45 45 properties: 46 + ITSAppUsesNonExemptEncryption: false 46 47 LSRequiresIPhoneOS: true 47 48 UILaunchStoryboardName: LaunchScreen 48 49 UIRequiredDeviceCapabilities: [arm64, metal] ··· 100 101 info: 101 102 path: Peek/Info.plist 102 103 properties: 104 + ITSAppUsesNonExemptEncryption: false 103 105 CFBundleDisplayName: Peek 104 106 CFBundleName: Peek 105 107 CFBundleIdentifier: com.dietrich.peek-mobile.share