In https://github.com/lightpanda-io/browser/pull/1885 we added fallback to the
incumbent context when the current context had be released (by us, but not by
v8).
This now handles the case where there is no incumbent context. It's not clear
exactly why this can happen, but we do see it in some WPT tests (e.g.
/html/browsers/the-window-object/named-access-on-the-window-object/navigated-named-objects.window.html)
The main change is changing how CidrV4 and CidrV6 are stored, by pre-calculating
their mask and storing their address as integer.
This allows significant simplification of matchesCidrV4 and matchesCidrV6.
history.pushState() and replaceState() updated the navigation entry
but did not update page.url or reinitialize window.location. This
caused location.pathname to return the old value after pushState,
breaking SPA routing detection in automation scripts.
Both methods now set page.url and re-init the Location object after
updating the navigation history.
Fixes#2081
Ref #2043
When --user-agent is set, the provided string replaces the entire
User-Agent header instead of appending to "Lightpanda/1.0".
The existing --user-agent-suffix behavior is unchanged.
Fixes#2029
Rename --block_private_networks to --block-private-networks and
--block_cidrs to --block-cidrs to match the existing flag naming
convention (e.g. --http-proxy, --proxy-bearer-token).
CIDRs prefixed with '-' are treated as allow rules that exempt matching
IPs from blocking. Allow rules take precedence over both
--block_private_networks and custom block CIDRs.
Example: --block_private_networks --block_cidrs -10.0.0.42/32
blocks all private ranges except 10.0.0.42.
Adds 3 new tests for allow-list behavior.
Block outbound HTTP requests to specified IP ranges before TCP handshake
using libcurl CURLOPT_OPENSOCKETFUNCTION callback. Fires after DNS
resolution, reads resolved IP directly from sockaddr, does bitwise CIDR
comparison. Fail-closed: unknown address families are blocked.
--block_private_networks blocks RFC1918, localhost, link-local, ULA.
--block_cidrs blocks additional comma-separated CIDRs.
IPv4-mapped IPv6 (::ffff:x.x.x.x) is unwrapped to prevent bypass.
We need to remove v8 finalizer callbacks upfront so that, as we tear things down
there's no chance for v8 to try to finalize something which has already been
finalized or is gone.
Implement the XHR timeout property end-to-end: the JS-visible
getter/setter stores the value, send() passes it to the HTTP client,
and curl enforces it via CURLOPT_TIMEOUT_MS. On timeout, a `timeout`
event is dispatched instead of `error`, per the XHR spec.
This is standalone work that can be done to enable workers. Workers need a
subset of EventManager, specifically, dispatching events for non DOM objects.
This commit extracts the non-DOM dispatching into an EventManagerBase which
EventManager uses (via composition) and which, in the future, WorkerGlobalScope
will be able to use directly.
