search

thomiceli / opengist

Self-hosted pastebin powered by Git, open-source alternative to Github Gist.
https://opengist.io
GNU Affero General Public License v3.0
1.7k stars 90 forks source link

Copy to clipboard fails silently with macOS Safari when served remotely via http (not https) #282

Closed DD-P closed 4 months ago

DD-P commented 4 months ago
  1. OpenGist 1.7.2 via Ubuntu 23.10 containerised in Docker using the supplied docker-compose.yml.
  2. Clicking copy gist button does not place text on the clipboard

Results in TypeError: undefined is not an object (evaluating 'navigator.clipboard.writeText') in JavaScript console.

Explanation

This will work correctly over eg https://gist.homelab:6157 or http://localhost but not eg http://192.168.1.100:6157 or http://gist.homelab:6157

See https://webkit.org/blog/10855/async-clipboard-api/ which states —

The async clipboard API is a powerful web API, capable of both writing arbitrary data to the clipboard, as well as reading from the system clipboard. As such, there are serious security ramifications when allowing pages to write data to the clipboard

  • The API is limited to secure contexts, which means that navigator.clipboard is not present for http:// websites.

Workaround (Google Chrome)

  1. Allow-list your particular URL in Google Chrome via chrome://flags/#unsafely-treat-insecure-origin-as-secure in the Insecure origins treated as secure field.
  2. Access eg http://gist.homelab:6157 via Chrome
thomiceli commented 4 months ago

Not much to do from my side but this is good to know, maybe we should add this in the documentation