fix: code review improvements — event hooks, CSP, focus, lockfile drift#11
Merged
Conversation
The LOCATIONCHANGE hook was registered but its handler did nothing, despite CLAUDE.md documenting it as critical for Win11 stability. Now it re-applies TOPMOST when DWM/Snap Layouts strip it mid-move. The MINIMIZESTART hook had no handler and nothing to do (MINIMIZEEND covers restore), so it is no longer registered.
The bump step updated package.json, tauri.conf.json, and Cargo.toml but not Cargo.lock, so the lockfile said 1.0.1 while the app was at 1.0.9 and every local cargo build dirtied the working tree.
Replaces csp: null with a restrictive policy. Tauri injects script nonces automatically; 'unsafe-inline' styles are required for React inline style props (avatar colors) and Vite-injected CSS. connect-src allows the Tauri v2 IPC bridge.
SetForegroundWindow returns FALSE and does nothing when another process owns the foreground, so clicking a pinned window in the list could silently fail. On failure, attach our input queue to the foreground thread (which grants foreground-change permission), retry, and detach.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up fixes from the code review (see also #10).
Changes (one commit each, individually revertible)
Event hooks (
event_hook.rs) — TheEVENT_OBJECT_LOCATIONCHANGEhook was registered but its handler was a no-op, even though CLAUDE.md documents re-enforcement on it as critical for Win11 stability. It now re-appliesTOPMOSTwhen DWM/Snap Layouts strip it mid-move (cheap: only acts when the style is actually missing). TheEVENT_SYSTEM_MINIMIZESTARThook had nothing to do (MINIMIZEENDcovers restore) and is no longer registered.Mobile icons — Deleted untracked
src-tauri/icons/android|ios(PinIt is Windows-only) and gitignored them sotauri iconregeneration stays out of the tree.Cargo.lock drift — The lockfile still said 1.0.1 while the app is at 1.0.9: the release workflow bumps
Cargo.tomlbut notCargo.lock. Synced the lockfile and fixed the bump step so it stays in sync going forward.CSP enabled (
tauri.conf.json) — Replacedcsp: nullwith a restrictive policy. Tauri injects script nonces automatically; inline styles stay allowed for React style props (avatar colors) and Vite-injected CSS.Foreground lock workaround (
commands.rs) —SetForegroundWindowreturns FALSE and silently does nothing when another process owns the foreground, so clicking a window in the pinned list could fail. On failure we attach our input queue to the foreground thread, retry, and detach.Verification
cargo checkpasses