Skip to content

fix(desktop): allow clipboard writes in the preview browser#3889

Open
carlosricojr wants to merge 1 commit into
pingdotgg:mainfrom
carlosricojr:fix/preview-clipboard-write-permission
Open

fix(desktop): allow clipboard writes in the preview browser#3889
carlosricojr wants to merge 1 commit into
pingdotgg:mainfrom
carlosricojr:fix/preview-clipboard-write-permission

Conversation

@carlosricojr

@carlosricojr carlosricojr commented Jul 11, 2026

Copy link
Copy Markdown

Problem

Built-in copy-to-clipboard buttons inside the preview browser don't work. The clearest example is the Next.js / Vercel error overlay's copy button, which surfaces:

execute 'writeText' ... 'Clipboard': Write permission ...

i.e. the DOMException Failed to execute 'writeText' on 'Clipboard': Write permission denied. Any preview page calling navigator.clipboard.writeText() (or .write()) hits the same wall.

Root cause

apps/desktop/src/preview/BrowserSession.ts configured only a setPermissionRequestHandler, and its allow-list granted "clipboard-write":

const allowed = ["clipboard-read", "clipboard-write", "notifications", "geolocation"];
callback(allowed.includes(permission));

Two bugs:

  1. clipboard-write is not a valid Electron permission name. The async Clipboard write API maps to clipboard-sanitized-write (Electron session docs), so the intended grant never matched.
  2. The write is gated by the permission check handler, which was never set. Per the docs: "you must also implement setPermissionRequestHandler to get complete permission handling. Most web APIs do a permission check and then make a permission request if the check is denied." Async clipboard.writeText() performs a synchronous clipboard-sanitized-write check; with no setPermissionCheckHandler, Electron's default denies it — hence "Write permission denied".

Fix

  • Add a setPermissionCheckHandler alongside the existing request handler.
  • Use the correct permission name clipboard-sanitized-write.
  • Share a single ALLOWED_PREVIEW_PERMISSIONS set between both handlers so they can't drift.

The granted set is unchanged in intent (clipboard-read, clipboard write, notifications, geolocation) — this only corrects the write permission and wires up the check path. No new capabilities are exposed.

Test

Extends BrowserSession.test.ts (adds setPermissionCheckHandler to the electron mock) with a case asserting both handlers grant clipboard-sanitized-write (plus the other allowed permissions) and deny the stale clipboard-write name and unrelated permissions like midi.

Verification

  • tsgo --noEmit (apps/desktop): 0 errors
  • vitest run src/preview/BrowserSession.test.ts: 6/6 passed
  • vp lint on the changed files: clean

🤖 Generated with Claude Code


Note

Low Risk
Narrow change to preview Electron session permissions with no new capabilities beyond the prior intent; covered by unit tests.

Overview
Fixes copy-to-clipboard in the desktop preview (e.g. Next.js error overlay) by correcting Electron permission handling in BrowserSession.

Preview sessions now register setPermissionCheckHandler in addition to the request handler, because async navigator.clipboard.writeText() is gated on a synchronous clipboard-sanitized-write check. The allow-list is centralized in ALLOWED_PREVIEW_PERMISSIONS, replacing the invalid clipboard-write name with clipboard-sanitized-write while keeping the same intended grants (clipboard-read, notifications, geolocation).

Tests mock setPermissionCheckHandler and assert both handlers allow the real write permission and deny stale or unrelated names like midi.

Reviewed by Cursor Bugbot for commit 6245874. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Fix clipboard writes in the preview browser by registering both permission handlers

  • Adds ALLOWED_PREVIEW_PERMISSIONS constant in BrowserSession.ts containing clipboard-read, clipboard-sanitized-write, notifications, and geolocation.
  • Replaces the stale clipboard-write permission with clipboard-sanitized-write, which is the correct Electron permission for sanitized clipboard access.
  • Adds a setPermissionCheckHandler alongside the existing setPermissionRequestHandler so permissions are enforced through both the synchronous check and async request paths.

Macroscope summarized 6245874.

The embedded preview browser only registered a permission *request* handler,
and its allow-list used `clipboard-write` — which is not a valid Electron
permission name. Async clipboard writes (`navigator.clipboard.writeText()`) are
gated by the permission *check* handler under the `clipboard-sanitized-write`
permission, which was never granted, so built-in "Copy" buttons in preview
content — e.g. the Next.js / Vercel error overlay's copy button — failed with:

    Failed to execute 'writeText' on 'Clipboard': Write permission denied

Grant `clipboard-sanitized-write` (the correct permission name) through both a
new `setPermissionCheckHandler` and the existing request handler, sharing a
single allow-list so the two can't drift.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 791456e2-50a0-492b-a715-4fd84d6150b8

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added vouch:unvouched PR author is not yet trusted in the VOUCHED list. size:S 10-29 changed lines (additions + deletions). labels Jul 11, 2026
@macroscopeapp

macroscopeapp Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Approvability

Verdict: Approved

Straightforward bug fix that corrects Electron permission API usage to enable clipboard writes in the preview browser. The change uses the correct permission name (clipboard-sanitized-write) and adds the required check handler. No new permissions are introduced; comprehensive tests cover the behavior.

You can customize Macroscope's approvability policy. Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:S 10-29 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant