mirror/insomnia
1
0
Fork 0
mirror of https://github.com/Kong/insomnia.git synced 2026-06-15 11:30:07 -04:00
Code Issues Packages Projects Releases Wiki Activity

Expose env vars to renderer via contextBridge window.env

Browse Source 
In the renderer process with nodeIntegration disabled, process.env is not
available. The preload script now explicitly whitelists the env vars the
renderer needs and exposes them as window.env via contextBridge.
constants.ts reads from window.env in the renderer and falls back to
process.env for the inso CLI and main process.
This commit is contained in:
jackkav
2026-05-30 20:47:37 +02:00
parent 96a73d31d5
commit 6c9c5bd981
3 changed files with 74 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
packages/insomnia/src/common/constants.ts
View File

@@ -13,10 +13,11 @@ import {
import appConfig from '../../config/config.json';
import { version } from '../../package.json';
// Vite is filtering out process.env variables that are not prefixed with VITE_.
// In the renderer (nodeIntegration disabled) env vars come from the preload via window.env.
// In the inso CLI and main process, fall back to process.env.
const ENV = 'env';
const env = process[ENV];
const env = (typeof window !== 'undefined' && window.env) ? window.env : process[ENV];
export const INSOMNIA_GITLAB_REDIRECT_URI = env.INSOMNIA_GITLAB_REDIRECT_URI;
export const INSOMNIA_GITLAB_CLIENT_ID = env.INSOMNIA_GITLAB_CLIENT_ID;
@@ -37,7 +38,7 @@ export const getProductName = () => appConfig.productName;
export const getAppSynopsis = () => appConfig.synopsis;
export const getAppId = () => appConfig.appId;
export const getAppBundlePlugins = () => appConfig.bundlePlugins;
export const getAppEnvironment = () => process.env.INSOMNIA_ENV || 'production';
export const getAppEnvironment = () => env.INSOMNIA_ENV || 'production';
export const isDevelopment = () => getAppEnvironment() === 'development';
export const getSegmentWriteKey = () =>
appConfig.segmentWriteKeys[isDevelopment() || env.PLAYWRIGHT_TEST ? 'development' : 'production'];
@@ -46,7 +47,7 @@ export const getCioWriteKey = () =>
appConfig.cio[isDevelopment() || env.PLAYWRIGHT_TEST ? 'development' : 'production'].writeKey;
export const getCioSiteId = () =>
appConfig.cio[isDevelopment() || env.PLAYWRIGHT_TEST ? 'development' : 'production'].siteId;
export const getAppBuildDate = () => new Date(process.env.BUILD_DATE ?? '').toLocaleDateString();
export const getAppBuildDate = () => new Date(env.BUILD_DATE ?? '').toLocaleDateString();
export const getBrowserUserAgent = () =>
encodeURIComponent(
@@ -62,7 +63,7 @@ export function updatesSupported() {
}
// Updates are not supported for Windows portable binaries
if (isWindows && process.env['PORTABLE_EXECUTABLE_DIR']) {
if (isWindows && env.PORTABLE_EXECUTABLE_DIR) {
return false;
}

40
packages/insomnia/src/entry.preload.ts
View File

@@ -438,6 +438,44 @@ const database: Window['database'] = {
invoke: (fnName, ...args) => invokeWithNormalizedError('database.invoke', fnName, ...args),
};
const env: Window['env'] = {
// GitLab OAuth — redirect URI, client ID, and API URL allow dev/enterprise overrides
INSOMNIA_GITLAB_REDIRECT_URI: process.env.INSOMNIA_GITLAB_REDIRECT_URI,
INSOMNIA_GITLAB_CLIENT_ID: process.env.INSOMNIA_GITLAB_CLIENT_ID,
INSOMNIA_GITLAB_API_URL: process.env.INSOMNIA_GITLAB_API_URL,
// E2E sentinel: switches analytics to dev keys and forces vertical layout in settings
PLAYWRIGHT_TEST: process.env.PLAYWRIGHT_TEST,
// E2E fixtures: pre-seed auth state so tests bypass login/key-derivation UI
INSOMNIA_SKIP_ONBOARDING: process.env.INSOMNIA_SKIP_ONBOARDING,
INSOMNIA_SESSION: process.env.INSOMNIA_SESSION,
INSOMNIA_SECRET_KEY: process.env.INSOMNIA_SECRET_KEY,
INSOMNIA_PUBLIC_KEY: process.env.INSOMNIA_PUBLIC_KEY,
// E2E vault fixtures: pre-seed deterministic salt/key/SRP secret
INSOMNIA_VAULT_SALT: process.env.INSOMNIA_VAULT_SALT,
INSOMNIA_VAULT_KEY: process.env.INSOMNIA_VAULT_KEY,
INSOMNIA_VAULT_SRP_SECRET: process.env.INSOMNIA_VAULT_SRP_SECRET,
// App environment: gates dev features and selects analytics keys
INSOMNIA_ENV: process.env.INSOMNIA_ENV,
// Injected at build time; shown in the About screen
BUILD_DATE: process.env.BUILD_DATE,
// Windows portable binary sentinel: presence disables auto-updates
PORTABLE_EXECUTABLE_DIR: process.env.PORTABLE_EXECUTABLE_DIR,
// OAuth flow URL overrides for dev/staging environments
OAUTH_REDIRECT_URL: process.env.OAUTH_REDIRECT_URL,
OAUTH_RELAY_URL: process.env.OAUTH_RELAY_URL,
// Service URL overrides: allow dev/CI to target local or staging backends
INSOMNIA_API_URL: process.env.INSOMNIA_API_URL,
INSOMNIA_MOCK_API_URL: process.env.INSOMNIA_MOCK_API_URL,
INSOMNIA_AI_URL: process.env.INSOMNIA_AI_URL,
KONNECT_API_URL: process.env.KONNECT_API_URL,
INSOMNIA_APP_WEBSITE_URL: process.env.INSOMNIA_APP_WEBSITE_URL,
// GitHub API URL overrides for GitHub Enterprise targets
INSOMNIA_GITHUB_REST_API_URL: process.env.INSOMNIA_GITHUB_REST_API_URL,
INSOMNIA_GITHUB_API_URL: process.env.INSOMNIA_GITHUB_API_URL,
// Disables the renderer↔hidden-window plugin bridge when set to 'false'
INSOMNIA_ENABLE_PLUGIN_BRIDGE: process.env.INSOMNIA_ENABLE_PLUGIN_BRIDGE,
};
if (process.contextIsolated) {
contextBridge.exposeInMainWorld('main', main);
contextBridge.exposeInMainWorld('dialog', dialog);
@@ -448,6 +486,7 @@ if (process.contextIsolated) {
contextBridge.exposeInMainWorld('path', path);
contextBridge.exposeInMainWorld('database', database);
contextBridge.exposeInMainWorld('_dataServices', servicesProxy);
contextBridge.exposeInMainWorld('env', env);
} else {
window.main = main;
window.dialog = dialog;
@@ -458,4 +497,5 @@ if (process.contextIsolated) {
window.path = path;
window.database = database;
window._dataServices = servicesProxy;
window.env = env;
}

28
packages/insomnia/types/global.d.ts vendored
View File

@@ -5,8 +5,36 @@ import type { DatabaseBridgeAPI } from '../src/main/ipc/database';
import type { DiffMatchPatch, DiffOp } from 'diff-match-patch-ts';
import type { Services } from '~/insomnia-data';
type RendererEnv = {
INSOMNIA_GITLAB_REDIRECT_URI: string | undefined;
INSOMNIA_GITLAB_CLIENT_ID: string | undefined;
INSOMNIA_GITLAB_API_URL: string | undefined;
PLAYWRIGHT_TEST: string | undefined;
INSOMNIA_SKIP_ONBOARDING: string | undefined;
INSOMNIA_SESSION: string | undefined;
INSOMNIA_SECRET_KEY: string | undefined;
INSOMNIA_PUBLIC_KEY: string | undefined;
INSOMNIA_VAULT_SALT: string | undefined;
INSOMNIA_VAULT_KEY: string | undefined;
INSOMNIA_VAULT_SRP_SECRET: string | undefined;
INSOMNIA_ENV: string | undefined;
BUILD_DATE: string | undefined;
PORTABLE_EXECUTABLE_DIR: string | undefined;
OAUTH_REDIRECT_URL: string | undefined;
OAUTH_RELAY_URL: string | undefined;
INSOMNIA_API_URL: string | undefined;
INSOMNIA_MOCK_API_URL: string | undefined;
INSOMNIA_AI_URL: string | undefined;
KONNECT_API_URL: string | undefined;
INSOMNIA_APP_WEBSITE_URL: string | undefined;
INSOMNIA_GITHUB_REST_API_URL: string | undefined;
INSOMNIA_GITHUB_API_URL: string | undefined;
INSOMNIA_ENABLE_PLUGIN_BRIDGE: string | undefined;
};
declare global {
interface Window {
env: RendererEnv;
main: RendererToMainBridgeAPI;
bridge: HiddenBrowserWindowToMainBridgeAPI;
database: DatabaseBridgeAPI;