Gluon v0.13.0 is out with best-in-class browser extension support, new security features, and more!
In this release
Browser Extensions New API
Gluon now has support for browser extensions! This includes complete support for all WebExtension APIs and Manifest V3. Here’s a comparison table between some others:
| Gluon | Electron | Tauri | |
|---|---|---|---|
| Extension Support | ✔️ | ✔️ | ❌ |
| DevTools Extensions | ✔️ | ✔️[1] | ❌ |
| Manifest V2 | ✔️ | ✔️ | ❌ |
| Manifest V3 | ✔️ | ❌ | ❌ |
| WebExtension APIs Support | All | Some | n/a |
[1] Requires workarounds for the latest versions of some extensions due to lacking some API support
API
You can use extensions with the new Gluon.extensions API. For easier compatibility, you give two paths for Chromium (unpacked extension) and Firefox (XPI file).
import * as Gluon from '@gluon-framework/gluon';
Gluon.extensions.add({
chromium: 'path/to/unpacked/extension',
firefox: 'path/to/file.xpi'
});
DevTools Extensions
You can easily use common devtools extensions like React DevTools with our new @gluon-framework/devtools package, like so:
import * as Gluon from '@gluon-framework/gluon';
import { REACT_DEVTOOLS } from '@gluon-framework/devtools';
Gluon.extensions.add(REACT_DEVTOOLS);
Security Options New API
There are many new security options when making windows, enabled by default.
Disallowed HTTP New API
HTTP is now completely blocked by default. This is to prevent the potentially dangerous consequences of using HTTP instead of HTTPS, which should be used instead. You can change this behavior if you have to (like using your own localhost server), by changing the new allowHTTP option when opening a Gluon window:
import * as Gluon from '@gluon-framework/gluon';
const Window = Gluon.open('http://localhost:1337', {
allowHTTP: true
});
Restricted top-level navigation New API
Top-level navigation (changing the URL / location of the Window itself) is now restricted to the same-origin by default. Allowing all top-level navigation is potentially dangerous, but you can disable the restriction by changing the new allowNavigation option when opening a Gluon window:
import * as Gluon from '@gluon-framework/gluon';
const Window = Gluon.open('https://gluonjs.org', {
allowNavigation: true
});
Local CSP New API
When using Local (giving Gluon a path), there is now a default CSP (Content Security Policy) and the option to provide your own. The default CSP will allow everything remotely (images, fonts, CSS, etc.) except dangerous parts like JS or frames. Keep in mind your app should ideally work with no internet so you likely should not depend on external resources. You can provide your own CSP with the new localCSP option when opening a local Gluon window:
import * as Gluon from '@gluon-framework/gluon';
// Have no CSP
const Window = Gluon.open('index.html', {
localCSP: ''
});
// Use our own restrictive CSP
const Window = Gluon.open('index.html', {
localCSP: `default-src 'self'`
});
Page Improved API
Print to PDF New API
You can now “print” the page as a PDF as a Buffer or saving it to a file.
import * as Gluon from '@gluon-framework/gluon';
const Window = await Gluon.open('https://gluonjs.org');
// Save to a PDF file (with default options)
await Window.page.printToPDF('path/to/my.pdf');
// Save to a PDF file with custom options
await Window.page.printToPDF('path/to/my.pdf', {
landscape: true
});
// Return a Buffer instead of saving
const buffer = await Window.page.printToPDF();
Window Improved API
Closed New API
You can now check if a Gluon Window is closed with Window.closed.
import * as Gluon from '@gluon-framework/gluon';
const Window = await Gluon.open('https://gluonjs.org');
console.log(Window.closed); // false
Window.close();
console.log(Window.closed); // true
Smaller Improvements
Graceful Exits
Gluon now exits gracefully if a Window is closed and no other Node code is running. Also, when Node is exited Gluon will now ensure the Window is closed as well.
Typings Improvements
The typings for Gluon have been improved to have more verbose descriptions and better types.
More Browsers
Gluon now also supports Vivaldi and Waterfox.
Hope you have fun with the new release! Let us know your feedback and opinions in the Discord.