-
Notifications
You must be signed in to change notification settings - Fork 15.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
autoUpdater does not work when have authenticated proxy #5020
Comments
What version of squirrel on windows is your installer using? |
Whichever version is packaged with I can see that that repository received a major version bump recently to |
No, that major bump was for a new underlying library that was used. |
Bit of a long shot hope 😆 I'm trying to find a way to accurately replicate this issue but it appears to be completely random 😢 |
Are you able to get the squirrel logs off any of the machines that are experiencing the issue? |
I'll grab them as soon as I can make it do this again. Completely uninstalling and reinstalling to replicate is time consuming when there is only a small chance it fails 😄 |
@kevinsawicki It appears as though there is some release notes parsing error https://gist.github.com/MarshallOfSound/7c6616b032a2499afd56de71186ef451 but then it still (eventually) starts building the full package and my app receives an update notification. Still trying to make it not update 😞 I just pinged all the issues related to this asking for them to upload their squirrel log. I'll ping here if / when I get one |
@kevinsawicki I managed to get a log from someone else's PC experiencing this issue. From what I can see they are having really strange DNS issues, which used to happen a lot (as an example MarshallOfSound/Google-Play-Music-Desktop-Player-UNOFFICIAL-#301) However when the user accesses Any reason why C#'s WebClient wouldn't resolve the name but a browser would? |
No idea, not sure if @paulcbetts might know 🔦 |
If it's using an authenticated proxy |
@paulcbetts Is there any way around this? Or any way for me to detect that proxy from within electron and tell the user they won't be able to get updates? |
@paulcbetts Or maybe implementing this https://msdn.microsoft.com/en-us/library/system.net.webrequest.defaultwebproxy.aspx in Squirrel.Windows |
@MarshallOfSound There are several NPM packages that let you detect a proxy. Or you could write your own solution in Node.js to detect a proxy. Could you do that without needing changes in Squirrel for Windows? Because there would be cases where someone would want to update via a proxy. Ideally I would skip all the above together and either check to see if the file could be reached and notify the user if not or attempt to download the file and notify the user if the download fails. This is how most updaters handle this. If none of the above works for you I guess I don't completely understand your case. |
So, the problem at the end of the day is, if you have an authenticated proxy on Windows, you need to pop UI to prompt for username/passwords at the time of request (i.e. not just in a system settings dialog). This is deeply stupid, but it is what it is. To mitigate this, you could download RELEASES and the latest NuPkg file yourself with Chromium (as well as implement the login callback to actually show UI in-app), then point your updater URL to that temp folder. This is deeply obnoxious, but so are proxy servers. |
@paulcbetts Out of interest do you know how / if atom handles this problem? Downloading the RELEASES and |
@MarshallOfSound It almost certainly doesn't solve it at all |
@MarshallOfSound, have you found a way to get the autoUpdater to work with an authenticated proxy? (for a separate issue) We've added headers option to setFeedUrl which if you can set the headers, and call checkForUpdates(), it should work. could you try this out and let us know? |
As seen from the code heades are not transferred - https://github.com/electron/electron/blob/master/lib/browser/api/auto-updater/auto-updater-win.js#L21 |
@vadim-ch As in the documentation the headers param is macOS only |
@MarshallOfSound Yes. It's very bad. I am sad. I'm looking for any workaround. |
Hello. For myself I found a solution. First step: Second step: Third step: Fourth step:
|
@joshuapinter did you have any issues with file protocol when implementing local feed auto update? I can't get this to work, because I keep getting error "Error: Protocol "file:" not supported". |
@hosnar I don't recall seeing that error message but it was over a year ago since I've looked at it. |
This was really worked. I have been success. |
The Electron version reported on this issue is no longer supported. See our supported versions documentation. If you're still experiencing this issue on a supported version, please open a new issue with an updated repro - a Fiddle is very appreciated. Electron has a large issues backlog. To help our team prioritize, we're closing older issues and asking for new issues with updated repro steps if it affects a supported version. This helps sort what issues are still relevant and helps us fix them more quickly. Thanks for your patience and understanding! |
Sorry, where is download function's location? |
@NookieGrey You'll probably have to write it yourself. Judging by the fact that they're passing a BrowserView to the function, I'd imagine it's an RPC call running through electron's IPC into a preload script in the frontend. You'll probably have to set up a set of events to transfer back and forth between the frontend and backend to make this work, and use something like Axios in the frontend to fetch the file. |
I just wanted to throw an idea out there that I'm using to satisfy a requirement for an internal tool for work. We don't necessarily need to download the files ourselves. We just need to add things to redirect the request to another location that can resolve them. My problem isn't quite the same, as I just need to have a password on my update server, which of course, squirrel for Windows doesn't support (even with the credentials in the URL as per http scheme spec). I'd be happy to release a POC example once I've finished and tested it, but what if instead of parsing and downloading packages ourselves, effectively eliminating the elegance and speed of delta updates, we just create a proxy on localhost. Then, when squirrel goes looking for an update, we receive all of its requests, and can do with them what we wish. In my case, I can simply inject an authorization header, rewrite the host, and voila! Authentication headers are now added to the request before they reach the update server. Side note: |
I have finished and tested my authentication proxy example and am happy to report that it works! Unfortunately, it's not the most secure thing in the world, but I'd say it's about as secure as bundling your update password with the application, which you'd probably have to do anyway unless you were to prompt the user for it on every launch. You could also start the server just long enough to get an update in order to mitigate the risk. https://gist.github.com/sploders101/23719534c683216baf76b816098e614b Ultimately, I think the most useful way to go about this would be to implement an RPC-esque proxy on stdin/out on both squirrel and electron, which could be handled on the JS side similarly to HTTP requests, and could be enabled via a command line flag on the squirrel exe, but I'm not sure how likely that is to be implemented. |
hi all, everything seems to be working fine for me on this except that it never seems to trigger the autoUpdate.on('update-downloaded') event? Anyone experienced this? |
Fingers crossed someone sees this! I was using this successfully and now it appears to not recognize the feedURL or at least autoUpdater.checkForUpdates() does not trigger anymore. Has anything changed in the AutoUpdater for electron? |
Are you using the built-in updater the npm module? Unfortunately, I don't believe the built-in updater has supported this for quite some time, which is why I posted the in-app HTTP proxy method above. The updater runs outside the JavaScript context, so unless they add support for this, I don't think it's going to work. Someone please correct me if I'm wrong. |
I created electron-github-autoupdater to solve this problem. It's a custom autoUpdater that works pretty much the same, but accepts a config object including a GH user token. More information in the readme. I've tested this on the latest versions of electron-forge, but I believe forge is electron 14, so it may not be compatible on v16+. Also, I have only tested on windows, I would very much appreciate a Mac user giving it a go. |
I'm trying to Manually handle updates. I download the update from s3 bucket whenever there's an available update. And then I create a {"url": "file:///var/temp/aofsdjaodsijf/update.zip"} Then I set the autoUpdater.setFeedUrl("file:///var/temp/aofsdjaodsijf/feed.json");
autoUpdater.checkUpdates(); But I get this error: I'm very stuck on this, some help would be very appreciated. |
@qiqetes Using the
|
@qiqetes @emalei Did you figure out a way to solve this? Looks like autoUpdater creates Users/X/Library/Caches/*/update. before downloading. Since we are skipping that part and doing it ourselves, this file/dir seems to be missing. @joshuapinter How did you get this to work? |
const tempPath = path.join(app.getPath("temp"), "updateVersion");
const setAutoUpdaterMac = () => {
// We need to manually create a feed.json file with a `url` key that points to our local `.zip` update file.
const json = {
url: url.pathToFileURL(path.join(tempPath, "update.zip")).href,
};
fs.writeFileSync(tempPath + "/feed.json", JSON.stringify(json));
console.log("file://" + tempPath + "/feed.json");
autoUpdater.setFeedURL({
url: url.pathToFileURL(path.join(tempPath, "feed.json")).href,
});
autoUpdater.checkForUpdates();
}; I don't remember it too much, what I have now and it's working is that piece of code. |
@qiqetes Thank you for the snippet. Do you mind sharing which version of electron you are using today? |
Latest version, and yes, autoUpdater comes from the electron module; |
@qiqetes Thank you. The issue's resolved now. The reason is – I am downloading a .dmg and feeding that to the autoUpdater when instead I should be feeding a zip file of .app One other thing that I would like to bring up is, I am being prompted with a message saying "Application is downloaded from the internet. Are you sure you want to open it?" This is happening every time an update is downloaded and installed. Any idea why this happens? |
Is nupkg file still required for auto update on Windows? |
how can i add query token when download the windows pkg |
0.36.7
The
autoUpdater
module in electron does not appear to be attempting to update all my users on windows from3.0.1
to3.1.0
. It took a clean reinstall of the application on a few computers that I am aware of before it decided there was an update too download.Upon sniffing out the traffic I could see that an update check request was being sent to fetch the RELEASES file and then didn't attempt to download the obviously available update.
I don't see how it can work for around 80% of users (that number is a guestimate) and not work for the rest.
The update server is here http://update.googleplaymusicdesktopplayer.com/update/{platform}/{version}
The update code is here https://github.com/MarshallOfSound/Google-Play-Music-Desktop-Player-UNOFFICIAL-/blob/master/src/main/features/core/autoUpdater.js
The text was updated successfully, but these errors were encountered: