Gluon v0.13

CanadaHonk · February 8, 2023

Gluon v0.13.0 is out with best-in-class browser extension support, new security features, and more!

In this release

Browser Extensions New API

Gluon now has support for browser extensions! This includes complete support for all WebExtension APIs and Manifest V3. Here’s a comparison table between some others:

Gluon Electron Tauri
Extension Support ✔️ ✔️
DevTools Extensions ✔️ ✔️[1]
Manifest V2 ✔️ ✔️
Manifest V3 ✔️
WebExtension APIs Support All Some n/a

[1] Requires workarounds for the latest versions of some extensions due to lacking some API support


You can use extensions with the new Gluon.extensions API. For easier compatibility, you give two paths for Chromium (unpacked extension) and Firefox (XPI file).

import * as Gluon from '@gluon-framework/gluon';

  chromium: 'path/to/unpacked/extension',
  firefox: 'path/to/file.xpi'

DevTools Extensions

You can easily use common devtools extensions like React DevTools with our new @gluon-framework/devtools package, like so:

import * as Gluon from '@gluon-framework/gluon';
import { REACT_DEVTOOLS } from '@gluon-framework/devtools';


Security Options New API

There are many new security options when making windows, enabled by default.

Disallowed HTTP New API

HTTP is now completely blocked by default. This is to prevent the potentially dangerous consequences of using HTTP instead of HTTPS, which should be used instead. You can change this behavior if you have to (like using your own localhost server), by changing the new allowHTTP option when opening a Gluon window:

import * as Gluon from '@gluon-framework/gluon';

const Window ='http://localhost:1337', {
  allowHTTP: true

Restricted top-level navigation New API

Top-level navigation (changing the URL / location of the Window itself) is now restricted to the same-origin by default. Allowing all top-level navigation is potentially dangerous, but you can disable the restriction by changing the new allowNavigation option when opening a Gluon window:

import * as Gluon from '@gluon-framework/gluon';

const Window ='', {
  allowNavigation: true

Local CSP New API

When using Local (giving Gluon a path), there is now a default CSP (Content Security Policy) and the option to provide your own. The default CSP will allow everything remotely (images, fonts, CSS, etc.) except dangerous parts like JS or frames. Keep in mind your app should ideally work with no internet so you likely should not depend on external resources. You can provide your own CSP with the new localCSP option when opening a local Gluon window:

import * as Gluon from '@gluon-framework/gluon';

// Have no CSP
const Window ='index.html', {
  localCSP: ''

// Use our own restrictive CSP
const Window ='index.html', {
  localCSP: `default-src 'self'`

Page Improved API

You can now “print” the page as a PDF as a Buffer or saving it to a file.

import * as Gluon from '@gluon-framework/gluon';
const Window = await'');

// Save to a PDF file (with default options)

// Save to a PDF file with custom options
await'path/to/my.pdf', {
  landscape: true

// Return a Buffer instead of saving
const buffer = await;

Window Improved API

Closed New API

You can now check if a Gluon Window is closed with Window.closed.

import * as Gluon from '@gluon-framework/gluon';
const Window = await'');

console.log(Window.closed); // false


console.log(Window.closed); // true

Smaller Improvements

Graceful Exits

Gluon now exits gracefully if a Window is closed and no other Node code is running. Also, when Node is exited Gluon will now ensure the Window is closed as well.

Typings Improvements

The typings for Gluon have been improved to have more verbose descriptions and better types.

More Browsers

Gluon now also supports Vivaldi and Waterfox.

Hope you have fun with the new release! Let us know your feedback and opinions in the Discord.