v0.1.8 — route external target=_blank to OS browser#1
Merged
Conversation
v0.1.6 forced every target=_blank click to navigate in-window so the shell would feel like an app. That worked for cross- internal links but trapped users on external destinations: clicking Capacities in the sidebar hijacked the entire shell window off to capacities.app, with no way back except ⌘←. Split the rule by destination host. INTERNAL_HOSTS (mirrors the capability's remote.urls allowlist: internal.automators.com, auth.automators.com) navigates in-window. Everything else routes through plugin:shell|open IPC → OS default browser. The shell:open permission is already in the default capability, so no security-side change. Adds a defensive try/catch + a safety-net fallback so a missing IPC bridge degrades to in- window navigation rather than a dead click. Bumps versions in lockstep across package.json, Cargo.toml, and tauri.conf.json. Tag v0.1.8 to trigger the release workflow.
There was a problem hiding this comment.
Pull request overview
This PR updates the Tauri shell’s handling of target="_blank" / window.open() so that internal links keep navigating inside the app window, while external links open in the OS default browser, and bumps the app version to v0.1.8.
Changes:
- Route
target="_blank"clicks andwindow.open()calls by destination host (internal hosts stay in-window; external hosts useplugin:shell|open). - Add helper logic (
INTERNAL_HOSTS,isInternalHost,openExternal) to support the split behavior and preserve modifier-click behavior. - Bump version numbers to
0.1.8across Tauri config, Rust crate, and npm package.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
src-tauri/tauri.conf.json |
Bumps shell app version to 0.1.8. |
src-tauri/src/lib.rs |
Updates injected JS to route target="_blank" / window.open() differently for internal vs external hosts. |
src-tauri/Cargo.toml |
Bumps Rust crate version to 0.1.8. |
package.json |
Bumps npm package version to 0.1.8. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+164
to
+173
| function openExternal(href) { | ||
| if (window.__TAURI_INTERNALS__ && window.__TAURI_INTERNALS__.invoke) { | ||
| try { | ||
| window.__TAURI_INTERNALS__.invoke('plugin:shell|open', { path: href }); | ||
| return true; | ||
| } catch (e) { | ||
| return false; | ||
| } | ||
| } | ||
| return false; |
Comment on lines
190
to
201
| var origOpen = window.open; | ||
| window.open = function(url) { | ||
| if (typeof url === 'string' && url) { | ||
| window.location.href = url; | ||
| if (isInternalHost(url)) { | ||
| window.location.href = url; | ||
| return null; | ||
| } | ||
| if (openExternal(url)) { | ||
| return null; | ||
| } | ||
| window.location.href = url; // safety-net fallback | ||
| return null; |
Comment on lines
1
to
+3
| [package] | ||
| name = "internal-desktop" | ||
| version = "0.1.7" | ||
| version = "0.1.8" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why
v0.1.6 hijacked the entire shell window off to capacities.app when the user clicked "Capacities" in the sidebar. The user lost their place inside internal and the only way back was ⌘←. Wrong UX for "this is a different app" links — those should pop a real browser tab.
`shell:allow-open` is already in the default capability, so no security change needed.
Test plan
🤖 Generated with Claude Code