`app.security.__csp_notes` failed `tauri.conf.json` schema validation
("Additional properties are not allowed") on BOTH platforms before any
compile. JSON can't hold comments and Tauri forbids extra keys, so the
rationale lives here instead:
CSP rationale (audit 2026-07): tightened from the fully-open policy.
- 'unsafe-eval' MUST stay: the native→web bridge (forward_deeplink /
emit_to_web) uses window.eval, governed by page CSP; also covers crypto wasm.
- The sha256 hash allowlists the single inline `window.global ||= window;`
shim in cinny's index.html (~line 96). If that snippet or its indentation
changes, recompute the hash or the shim is silently blocked.
- connect-src / img-src / media-src keep http: (plain-http homeservers).
- Review-added: Google Fonts (VT323) + OpenStreetMap iframe (m.location).
- style-src keeps 'unsafe-inline' for React style attributes.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
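
The hash-pinning failure mode described in the commit message above (a changed snippet or indentation silently blocks the shim) can be caught by a pre-build check. This is an added example, not code from this repository; the function names, the stand-in index.html and the policy string are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser


def csp_hash(script_text: str) -> str:
    """CSP hash source for an inline script: base64(SHA-256(exact UTF-8 text))."""
    digest = hashlib.sha256(script_text.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


class _InlineScripts(HTMLParser):
    """Collects the exact text of every <script> element that has no src."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append("".join(self._buf))
            self._buf = None


def unpinned_inline_scripts(html: str, csp: str) -> list:
    """Return inline scripts whose hash is absent from the script-src directive."""
    allowed = set()
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "script-src":
            allowed = {t.strip("'") for t in tokens[1:] if t.startswith("'sha256-")}
    parser = _InlineScripts()
    parser.feed(html)
    parser.close()
    return [s for s in parser.scripts if csp_hash(s) not in allowed]


# Constructed sample: a stand-in index.html and a policy pinned to its shim.
SHIM = "\n      window.global ||= window;\n    "
INDEX_HTML = f"<html><head><script>{SHIM}</script><script src='/main.js'></script></head></html>"
CSP = f"default-src 'self'; script-src 'self' 'unsafe-eval' '{csp_hash(SHIM)}'; object-src 'none'"
REINDENTED_HTML = INDEX_HTML.replace("      window", "  window")  # formatter changed indentation
```

A non-empty result from `unpinned_inline_scripts` means the page carries an inline script the policy will block, so a build step can fail on it instead of leaving the breakage for a runtime smoke test.
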
script-src drops unsafe-inline/blob/data/http/https (any-origin script exec is
gone); the single inline shim in index.html is hash-pinned; object-src 'none',
base-uri 'self'. Kept deliberately: 'unsafe-eval' (the window.eval native→web
bridge + crypto wasm), broad connect-src (arbitrary homeservers), http: in
img/media (plain-http homeservers), and review-added allowances for Google
Fonts (VT323) and the OpenStreetMap location iframe.
NEEDS RUNTIME SMOKE ON WINDOWS before release (CI can't catch CSP breakage):
boot, avatars/media, VT323 renders, location map embeds, calls connect, deep
links navigate.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- System tray with Open/Quit menu + left-click toggle; closing the window now
minimizes to tray instead of quitting, so notifications keep arriving.
- Single-instance: a second launch focuses the running window (and forwards a
matrix: link) instead of colliding on the localhost port.
- Window: 1100x720 default, 480x600 min, centered first run; starts hidden and
shows on page-load to kill the white launch flash (8s failsafe).
- matrix: deep links via tauri-plugin-deep-link -> dispatched to the web client
(useDeepLinkNavigate) for both cold-start and already-running cases.
- Windows 11 Mica backdrop (subtle; app paints opaque TDS bg).
- NSIS installer: per-user install (no UAC), downloadBootstrapper.
- Remove dead/broken src/menu.rs.
- Bump cinny submodule to 053b364a (deep-link web handler).
Note: Rust not compiled locally (no toolchain / Windows-only paths); verified by
careful API review against tauri 2.10 — needs a real 'tauri build' to confirm.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
WebView2 silently denies getUserMedia() unless a PermissionRequested
handler explicitly allows it. macOS was already covered by Info.plist;
Windows had nothing. Adds a COM event handler via with_webview that
auto-approves mic and camera requests so Element Call voice/video
works in the desktop app.
Also includes previously uncommitted changes:
- tauri.conf.json: add media-src / mediastream: to CSP
- Info.plist: macOS NSMicrophoneUsageDescription / NSCameraUsageDescription
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: update CSP to allow reordering rooms inside space
Fixes https://github.com/cinnyapp/cinny/issues/2949
* disable native dnd in windows configuration
* Disable drag and drop for main webview window in lib.rs
* Remove dragDropEnabled setting from tauri.conf.json
* Replace drag_drop_enabled with disable_drag_drop_handler
* Upgrade tauri to v2
* update action and disable menu
* Add args to workflow step in test.yml
* Rename environment variables for Tauri signing
* Change mainBinaryName from 'Cinny' to 'cinny'
* Update linux file names to use 'Cinny' instead of 'cinny'
* Upgrade Tauri action to v0.6.1 and fix targets
Updated Tauri action version and corrected target specification.