2022-04-29 19:52:14 +05:30
{
2026-03-03 23:16:04 +11:00
"bundle" : {
"active" : true ,
"targets" : "all" ,
"windows" : {
"certificateThumbprint" : null ,
"digestAlgorithm" : "sha256" ,
"timestampUrl" : "" ,
2026-06-13 18:52:37 -04:00
"webviewInstallMode" : {
"type" : "downloadBootstrapper"
} ,
"nsis" : {
"installMode" : "currentUser"
} ,
2026-03-03 23:16:04 +11:00
"wix" : {
"bannerPath" : "wix/banner.bmp" ,
"dialogImagePath" : "wix/dialogImage.bmp"
}
} ,
"icon" : [
"icons/32x32.png" ,
"icons/128x128.png" ,
"icons/128x128@2x.png" ,
"icons/icon.icns" ,
"icons/icon.ico"
] ,
"resources" : [ ] ,
"externalBin" : [ ] ,
"copyright" : "" ,
"category" : "SocialNetworking" ,
"shortDescription" : "Yet another matrix client" ,
"longDescription" : "" ,
"macOS" : {
"frameworks" : [ ] ,
"minimumSystemVersion" : "" ,
"exceptionDomain" : "" ,
"signingIdentity" : null ,
"providerShortName" : null ,
"entitlements" : null
} ,
"linux" : {
2022-04-29 19:52:14 +05:30
"deb" : {
2022-05-04 17:52:40 +05:30
"depends" : [ ]
2022-04-29 19:52:14 +05:30
}
} ,
2026-03-03 23:16:04 +11:00
"createUpdaterArtifacts" : "v1Compatible"
} ,
"build" : {
"beforeBuildCommand" : "cd cinny && npm run build" ,
"frontendDist" : "../cinny/dist" ,
"beforeDevCommand" : "cd cinny && npm start" ,
"devUrl" : "http://localhost:8080"
} ,
2026-06-07 13:13:32 -04:00
"productName" : "Lotus Chat" ,
2026-03-03 23:16:04 +11:00
"mainBinaryName" : "cinny" ,
2026-05-23 23:18:03 +10:00
"version" : "4.12.2" ,
2026-06-07 13:13:32 -04:00
"identifier" : "org.lotusguild.lotus-chat" ,
2026-03-03 23:16:04 +11:00
"plugins" : {
2022-04-29 19:52:14 +05:30
"updater" : {
2026-06-07 13:13:32 -04:00
"pubkey" : "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDM1N0Y0RThCQTJEQzY1NTkKUldSWlpkeWlpMDUvTlVjejMzN0E1U0FiaVpLK05QVkRXdWlMMm1NNUprMXAvTGZSbU5maVovNmwK" ,
2022-04-29 19:52:14 +05:30
"endpoints" : [
2026-06-07 13:13:32 -04:00
"https://code.lotusguild.org/LotusGuild/cinny-desktop/releases/download/latest/release.json"
2026-03-03 23:16:04 +11:00
]
2026-06-13 18:52:37 -04:00
} ,
"deep-link" : {
"desktop" : {
"schemes" : [ "matrix" ]
}
2026-03-03 23:16:04 +11:00
}
} ,
"app" : {
"security" : {
2026-07-02 00:21:55 -04:00
"__csp_notes" : "Tightened from the fully-open policy (audit 2026-07). script-src: 'unsafe-eval' MUST stay — the native→web bridge (forward_deeplink/emit_to_web) uses window.eval, which page CSP governs (also covers the crypto wasm). The sha256 hash allows the single inline `window.global ||= window;` shim in cinny's index.html (line ~96) — if that snippet or its indentation changes, recompute the hash or the shim is silently blocked. connect-src stays broad: users connect to arbitrary homeservers (img/media keep http: for plain-http homeservers, matching connect-src). Review-added allowances: Google Fonts (VT323 stylesheet+font in index.html) and the OpenStreetMap embed iframe (m.location messages). style-src keeps 'unsafe-inline' for React style attributes." ,
"csp" : "default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-dT6noyex1I8o5CS9Sx/y8UOqwpZYIridpGz92gcObIM='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: http: https:; media-src 'self' blob: data: mediastream: http: https:; worker-src 'self' blob:; frame-src 'self' blob: https://www.openstreetmap.org; connect-src 'self' blob: data: ipc: ws: wss: http: https: http://ipc.localhost; object-src 'none'; base-uri 'self'"
2026-03-12 00:23:50 +11:00
}
2022-04-29 19:52:14 +05:30
}
2026-06-07 13:13:32 -04:00
}