Skip to content

feat(security): deny-by-default session permission handler#10168

Draft
jackkav wants to merge 1 commit into
developfrom
security/session-permission-handler
Draft

feat(security): deny-by-default session permission handler#10168
jackkav wants to merge 1 commit into
developfrom
security/session-permission-handler

Conversation

@jackkav

@jackkav jackkav commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Summary

Implements item 5 of the Electron security checklist ("Handle session permission requests from remote content") for the main window's session.

Electron auto-approves several permissions (notifications, pointer-lock, etc.) for loaded content when no handler is registered. This adds an explicit deny-by-default posture on session.defaultSession:

  • setPermissionRequestHandler + setPermissionCheckHandler deny everything except clipboard.
  • Clipboard is allowed because the renderer uses navigator.clipboard.writeText (e.g. the "copy routes" action in project-navigation-sidebar.tsx).
  • Denied requests are console.logged so unexpected requests are diagnosable.

Design

  • Allow-list logic lives in a side-effect-free module (src/main/session-security.ts), mirroring the existing window-security.ts pattern, so it can be unit-tested.
  • Registered in the app.on('ready') handler in entry.main.ts, next to the existing defaultSession setup.

Risk

Low. The renderer is first-party content and has no legitimate use for camera/mic/geolocation/MIDI/notifications. The only web-permission API in the renderer is navigator.clipboard, which remains allowed. Draft pending a quick smoke check that clipboard copy still works.

Test plan

  • vitest run packages/insomnia/src/main/session-security.test.ts (13 tests)
  • eslint + tsc clean on changed files
  • Manual: copy actions (e.g. copy routes / copy as cURL) still write to clipboard

Checklist context

This is 1 of 2 follow-up PRs from a security-checklist audit of the main window. The other addresses item 7 (Content-Security-Policy). Item 12 (webview options) is handled by #9942.

@jackkav
feat(security): deny-by-default session permission handler
af140dc 
Electron security checklist item 5 (handle session permission requests).
Registers setPermissionRequestHandler / setPermissionCheckHandler on the
default session, denying everything except clipboard, which the renderer
uses via navigator.clipboard. Denied requests are logged.

Logic isolated in session-security.ts and pinned by a unit test.
@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown

✅ Circular References Report

Generated at: 2026-06-26T09:37:46.102Z
Status: ✅ NO CHANGE

Summary

Metric Base (develop) PR Change
Total Circular References 9 9 0 (0.00%)
Click to view all circular references in PR (9) 
insomnia-inso/src/db/models/types.ts -> insomnia-inso/src/db/types.ts
insomnia/src/main/prompt-bridge.ts -> insomnia/src/main/window-utils.ts -> insomnia/src/main/plugin-window.ts
insomnia/src/main/window-utils.ts -> insomnia/src/main/plugin-window.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/collection.ts -> insomnia-scripting-environment/src/objects/response.ts
insomnia/src/network/network.ts -> insomnia/src/common/render.ts
insomnia/src/ui/components/settings/import-export.tsx -> insomnia/src/ui/components/modals/export-requests-modal.tsx
insomnia/src/ui/components/tabs/tab-list.tsx -> insomnia/src/ui/components/tabs/tab.tsx
insomnia/src/ui/components/templating/tag-editor-arg-sub-form.tsx -> insomnia/src/ui/components/templating/external-vault/external-vault-form.tsx
insomnia/src/ui/components/viewers/response-viewer.tsx -> insomnia/src/ui/components/viewers/response-multipart-viewer.tsx
Click to view all circular references in base branch (9) 
insomnia-inso/src/db/models/types.ts -> insomnia-inso/src/db/types.ts
insomnia/src/main/prompt-bridge.ts -> insomnia/src/main/window-utils.ts -> insomnia/src/main/plugin-window.ts
insomnia/src/main/window-utils.ts -> insomnia/src/main/plugin-window.ts
insomnia/src/network/network.ts -> insomnia-scripting-environment/src/objects/index.ts -> insomnia-scripting-environment/src/objects/collection.ts -> insomnia-scripting-environment/src/objects/response.ts
insomnia/src/network/network.ts -> insomnia/src/common/render.ts
insomnia/src/ui/components/settings/import-export.tsx -> insomnia/src/ui/components/modals/export-requests-modal.tsx
insomnia/src/ui/components/tabs/tab-list.tsx -> insomnia/src/ui/components/tabs/tab.tsx
insomnia/src/ui/components/templating/tag-editor-arg-sub-form.tsx -> insomnia/src/ui/components/templating/external-vault/external-vault-form.tsx
insomnia/src/ui/components/viewers/response-viewer.tsx -> insomnia/src/ui/components/viewers/response-multipart-viewer.tsx

Analysis

No Change: This PR does not introduce or remove any circular references.

This report was generated automatically by comparing against the develop branch.

@ryan-willis

ryan-willis commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

I created a similar PR for this: #10159

Is the ability to read the clipboard without user interaction necessary?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jackkav @ryan-willis