Skip to content

fix: clipboard copy on non-secure origins#155

Merged
vakovalskii merged 1 commit intovakovalskii:mainfrom
akolotov:fix/clipboard-on-non-secure
Apr 10, 2026
Merged

fix: clipboard copy on non-secure origins#155
vakovalskii merged 1 commit intovakovalskii:mainfrom
akolotov:fix/clipboard-on-non-secure

Conversation

@akolotov
Copy link
Copy Markdown
Contributor

@akolotov akolotov commented Apr 9, 2026

Picked from #37

Problem

Users opening Codedash over a non-secure origin could not copy install or resume commands from the UI. From their point of view, the copy buttons appeared to work, but the clipboard action failed silently or fell back inconsistently, which made common workflows like copying agent install commands or session resume commands frustrating or impossible.

Root cause

The frontend relied directly on navigator.clipboard.writeText(). That API is restricted by browsers and is not available in insecure contexts, so any copy action triggered from an http:// origin could fail even though the rest of the app loaded correctly.

Fix

I added a shared copyText() helper that handles copy in three steps:

  1. Try navigator.clipboard.writeText() when the browser allows it.
  2. Fall back to the legacy document.execCommand('copy') path.
  3. If neither path works, show a prompt so the user can still copy manually.

The frontend now routes the main copy actions through that helper, including install commands, export commands, update commands, resume commands, and the GitHub device-code copy flow.

Why this is safe

The change is additive and only affects copy behavior.

  • Secure-origin behavior is unchanged because navigator.clipboard.writeText() remains the first path.
  • The fallback only runs when the primary clipboard API is unavailable or rejected.
  • No backend behavior changed, and no command text or session state logic was modified.
  • Existing copy flows already expected clipboard failures to be recoverable, so this makes that recovery explicit instead of browser-dependent.

@akolotov akolotov changed the title Fix clipboard copy on non-secure origins fix: clipboard copy on non-secure origins Apr 9, 2026
@vakovalskii vakovalskii merged commit 46f8594 into vakovalskii:main Apr 10, 2026
6 checks passed
vakovalskii added a commit that referenced this pull request Apr 10, 2026
@vakovalskii @claude
release: v6.16.3 — community PRs merged
5e4c5a8 
Merged: #156 (star sync), #155 (clipboard fallback), #159 (bind URL fix),
#157 (session name vs first prompt), #160 (MCP badges toggle), #100 (Warp launch API)
Closed: #128 (dup), #148 (banned), #161 (bad diff)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@akolotov akolotov deleted the fix/clipboard-on-non-secure branch April 10, 2026 12:18
apstenku123 added a commit to apstenku123/codedash that referenced this pull request Apr 11, 2026
@apstenku123
feat: port upstream v6.16 improvements
095cb38 
- vakovalskii#155 clipboard copy fallback on non-secure origins (execCommand shim)
- vakovalskii#156 star button sync in detail panel (already applied earlier)
- vakovalskii#159 bind address vs browser URL separation (execFile, safer)
- ca70fd2 dual metrics: user_messages (real) + total_interactions (all)
- d3f4326 Node >= 18 version check at startup with clear error

Skipped: vakovalskii#100 Warp launch config (non-iTerm2), vakovalskii#157 session name refactor
(too many touches), vakovalskii#160 badge display config (non-critical),
analytics totalSessionsAll (already have similar in createCostAggregator).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akolotov @vakovalskii