Merged
Conversation
Our settings are not a fatal requirement, we can fall back on the default values if they can't be accessed. A scenario where we've seen this happen is when cookies are disabled in the browser. It seems localStorage is disabled along with cookies in these settings. So, lets log a message about the failure and otherwise silently continue in this case. Fixes issue novnc#1577.
Don't crash if we can't use localStorage
This was an accidental copy error from inflator.js. The second argument to deflateInit() is the compression level, not the window bits. We have not strong opinions on an appropriate level, so stick to the default.
There is just one argument to inflateInit(). It is inflateInit2() that takes two arguments. Since this argument was never used, let's just remove it and keep the existing behaviour.
The compression level got changed in 01bb36d, but the tests weren't updated to follow this change.
There is no security result for the "none" authentication until RFB 3.8. This got broken by mistake in 5671072.
The code comment of this code was entirely incorrect, but the commit message for 5671072 when it was added was correct. I.e. there is a result, but not a reason. Adjust the unit tests to make sure this doesn't regress again.
Previously, num-lock and caps-lock syncing was performed on a best effort basis by qemu. Now, the syncing is performed by no-vnc instead. This allows the led state syncing to work in cases where it previously couldn't, since no-vnc has with this extension knowledge of both the remote and local capslock and numlock status, which QEMU doesn't have.
For instance, for listening only on "localhost" That is, bind on 127.0.0.1 instead of 0.0.0.0
The browser might throw an exception right away if there is something it doesn't like with our connect attempt. E.g. using a non-TLS WebSocket from a TLS web page.
websockify changes the working directory before it starts looking for files, so we must give it relative paths for things to work reliably.
These should have been removed as part of 890cff9.
Ubuntu 18.04 base snap is no longer supported, so switch to the currently newest one.
The npm package is supposed to be for CommonJS usage, so only package that to avoid confusion. This has become an issue now that nodejs supports ES6 modules, where users are accidentally trying to import the wrong files and get errors.
There is some bug in Chrome 119+ on some systems, where it takes forever for the first readback from a canvas, timing out the first test that does this. Work around the issue by increasing the timeout on that platform until Chrome manages to resolve the issue.
It sets KeyboardEvent.key to "Unidentified" for all non-character keys, which means we must ignore it and use the legacy handling to figure out the key pressed.
Fix for a0b7c0d.
As browsers are placing more and more new functionality as secure-context only, we need to prepare users for more problems. I find it likely that we will disable non-HTTPS connections in the future.
Primarily to avoid the versions that are now deprecated, but also update actions/upload-artifact to keep us up to date.
The default import was deprecated ages ago, and in v12 it has now finally been changed in a breaking way. Change the code to import things the proper way.
…connecting-after-dom-morph Avoid exception when cursor was removed from DOM already
Update Chinese translation
Should have been part of f0a39cd
Fuzzy translations might be incorrect, and obsolete translations aren't used anywhere.
Otherwise browser will complain when it is garbage collected.
This changed in 96c76f7, but we forgot to adjust the documentation for the parameters.
This mechanism was added in 438e5b3, but we forgot to document it.
This has been deprecated for around six years now. Let's remove the deprecation warning and disable setting showDotCursor via the options parameter.
Chai v6.0.0 introduced a breaking change where file imports now need to point at 'chai/index.js'. See the corresponding release note.
Helps the browser to free up the memory right away, rather than waiting until some later cleanup process. At least Firefox can start consuming gigabytes of memory without this.
Some encodings don't know how much data they need, rather they must probe the data stream until they find an end marker. Expose how much data is buffered in order to make this search efficient.
This is much more efficient than looking at two bytes at a time.
…com:elikoga/noVNC
Our snap packages no longer contain python2-websockify. It's now called websockify and is found in snap by the WEBSOCKIFY_FROMSYSTEM check.
Our snap package requires bash to run novnc_proxy, but it doesn't explicitly set a requirement for the which command to be installed. Let's therefore use a bash built-in when looking for the websockify binary.
Clipboard permissions must be supported, with states "granted" or "prompt" for both write and read.
With async clipboard available, the fallback clipboard textarea adds mostly confusion. If async clipboard is out right denied, users most likely don't want to see any clipboard activity.
ksimuk
approved these changes
Oct 28, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.