Fix cannot open Floorp while Proxy relating addons are installed #1868
Conversation
Remove the logic that modifies the Content-Security-Policy (CSP) meta tag in `browser.xhtml`. This override was previously used to allow loading scripts from `localhost` for development purposes. It is no longer necessary and is being removed to avoid altering the browser's default security policy.
This commit introduces two main improvements: one for the development environment and one for application stability. First, the build process now injects a development-specific Content Security Policy (CSP) into `browser.xhtml`. This policy allows loading scripts from `http://localhost:*`, which is necessary for features like live-reloading from a dev server. Second, favicon fetching for sidebar panels is made more robust. The code now awaits `SessionStore.promiseInitialized` to prevent a race condition where favicons were requested before session data was available. A `Suspense` fallback has also been added to the UI to gracefully handle the asynchronous loading of the favicon.
There was a problem hiding this comment.
Pull Request Overview
This PR fixes an issue where Floorp browser fails to open when proxy-related addons are installed. The fix involves adding proper initialization checks, improving error handling in favicon retrieval, and adjusting Content Security Policy settings based on development vs production environments.
- Added SessionStore initialization check and error logging in favicon getter
- Enhanced createResource usage with explicit async handling and fallback UI
- Implemented conditional CSP configuration for development and production modes
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| favicon-getter.ts | Added SessionStore initialization wait and URL validation |
| sidebar-panel-button.tsx | Updated resource creation with async wrapper and fallback UI |
| xhtml.ts | Added conditional CSP configuration based on environment |
| build.ts | Passed development mode flag to XHTML injection |
Comments suppressed due to low confidence (1)
src/apps/main/core/common/panel-sidebar/components/sidebar-panel-button.tsx:118
- [nitpick] The fallback content 'I' is unclear and not descriptive. Consider using a more meaningful placeholder like 'Loading...' or an icon placeholder.
<Suspense fallback={<div>I</div>}>
| const [faviconURL] = createResource(() => props.panel, getFaviconURLForPanel); | ||
| const [faviconURL] = createResource( | ||
| () => props.panel, | ||
| async () => await getFaviconURLForPanel(props.panel), |
There was a problem hiding this comment.
The 'await' keyword is redundant here since the function is already returning a Promise. Remove 'await' or simplify to just 'getFaviconURLForPanel(props.panel)'.
| async () => await getFaviconURLForPanel(props.panel), | |
| async () => getFaviconURLForPanel(props.panel), |
Copilot uses AI. Check for mistakes.
| if (isDev) { | ||
| const meta = document.querySelector( | ||
| "meta[http-equiv='Content-Security-Policy']", | ||
| ) as HTMLMetaElement; | ||
| meta?.setAttribute( | ||
| "content", | ||
| "script-src chrome: moz-src: resource: http://localhost:* 'report-sample'", | ||
| ); | ||
| } else { | ||
| const meta = document.querySelector( | ||
| "meta[http-equiv='Content-Security-Policy']", | ||
| ) as HTMLMetaElement; | ||
| meta?.setAttribute( | ||
| "content", |
There was a problem hiding this comment.
The meta element query and setAttribute logic is duplicated between the if and else blocks. Consider extracting this into a helper function or storing the meta element in a variable outside the conditional.
| if (isDev) { | |
| const meta = document.querySelector( | |
| "meta[http-equiv='Content-Security-Policy']", | |
| ) as HTMLMetaElement; | |
| meta?.setAttribute( | |
| "content", | |
| "script-src chrome: moz-src: resource: http://localhost:* 'report-sample'", | |
| ); | |
| } else { | |
| const meta = document.querySelector( | |
| "meta[http-equiv='Content-Security-Policy']", | |
| ) as HTMLMetaElement; | |
| meta?.setAttribute( | |
| "content", | |
| function updateMetaContent(document: Document, content: string) { | |
| const meta = document.querySelector( | |
| "meta[http-equiv='Content-Security-Policy']", | |
| ) as HTMLMetaElement; | |
| meta?.setAttribute("content", content); | |
| } | |
| if (isDev) { | |
| updateMetaContent( | |
| document, | |
| "script-src chrome: moz-src: resource: http://localhost:* 'report-sample'", | |
| ); | |
| } else { | |
| updateMetaContent( | |
| document, |
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
Bugbot free trial expires on July 29, 2025
Learn more in the Cursor dashboard.
| const [faviconURL] = createResource( | ||
| () => props.panel, | ||
| async () => await getFaviconURLForPanel(props.panel), | ||
| ); |
There was a problem hiding this comment.
Bug: Fetcher Captures Closure Instead of Source
The createResource fetcher function is incorrectly implemented. It ignores the source value parameter passed by createResource and instead captures props.panel from the closure. This breaks SolidJS's reactivity tracking, potentially causing stale data. The original implementation correctly passed the source value to the fetcher. Additionally, the new code introduces an unnecessary async/await wrapper around an already async function.
No description provided.