Skip to content

Secure Context blocks Copy Item #138

Description

@kardain

Reference #55

This isn't a caching issue as previously thought. navigator.clipboard is only exposed in secure contexts (HTTPS or localhost) - see MDN's security considerations. Deploying over plain HTTP on a LAN IP, as many self-hosted Docker setups will, leaves navigator.clipboard undefined, which throws at assetRenderer.js:534. Confirmed via browser console, logs to follow. The fix isn't cache-related. It should either fall back to a rendered <a href> for manual copy, or feature-detect navigator.clipboard and show the raw URL in a text field/modal as a fallback.

System info:

CPU: ARM64 (ARMV8)
OS: DietPi 10.2 (Bookworm)
DA Version: 1.0.11
Docker version 29.1.3, build f52814d
LAN context: HTTP (HTTPS unavailable)

Also tested on AMD64, Debian Trixie, same Docker/app version, same network context, same issue so it is not platform specific

On page (re)load

The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. 
It was defined either in the final response or a redirect. Please deliver the response using the HTTPS 
protocol. You can also use the 'localhost' origin instead. 
See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin 
and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.

On clicking Copy Item button:

Uncaught TypeError: Cannot read properties of undefined (reading 'writeText')
    at HTMLButtonElement.<anonymous> (assetRenderer.js:534:33)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions