We are working on a customer facing electron app which should run in kiosk mode. The application runs on a touch enabled device with windows 10.
Even when the app is in kiosk mode, users can easily get into the OS by using the swipe gestures (Swipe left and Swipe right) of the OS.
What is the ideal way to lock down the app and prevent users from interacting with the OS?
There doesn't appear to be a way to disable touch screen gestures in Windows 10.
If you don't need the full node integration offered in electron, ie. your app could run entirely in Chrome you can run it from a cheap Android dongle and lock it down much more easily. I've done this a few times and there are apps which let you add a password, etc.
Alternatively, you could listen for the blur event on your BrowserWindow which is fired when your app loses focus. At that point you may be able to set it into the foreground again:
const mainWindow = require('electron').remote.getCurrentWindow();
mainWindow.on('blur', () => {
mainWindow.restore();
mainWindow.focus();
mainWindow.setKiosk(true);
});
I was able to disable touchscreen gestures for edge of screen by editing a group policy value:
RUN gpedit.msc from the Run box
Computer Configuration > Administrative Templates > Windows Components > EdgeUI > Allow Swipe: DISABLE
A method I've used since Windows 8, is to kill the explorer.exe process shortly after login. Achieved with a scheduled task, set to run 20-30 seconds after login, with a command like this:
taskkill /F /IM explorer.exe
If you need to work on the system, remote in or connect a keyboard and send CTRL + ALT + Del to bring up Task Manager. Go to File > Run new task. In the Create new task dialogue, enter explorer and hit Enter.
When done, reboot the system and all is back to normal.
What I've done to disable the swipe functionality of Windows is to launch our kiosk application instead of explorer.exe.
So, we often deal with multiple displays and many of our apps are written for chrome browser. That means an automated kiosk will have to run a script that launches full screen incognito/kiosk browser instances on two or more displays. We use AutoHotkey to automate the placement and fullscreening of displays, as well as running a watchdog script that monitors for possible browser crashes and popups.
Unintended defocusing by the OS is the last thing we want.
Anyway, to replace the explorer with your app, I've found this regedit to work:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="D:\\path\\to\\your\\appFile.bat"
Copy that into a .txt file, rename the extension to .reg and run it.
To revert:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
Since windows cannot run an .ahk file, we just run a .bat file that runs .ahk file, that in turn runs all the browsers and does all the other initialization magic.
For remote work, we do the same as user Bink mentioned: bring up run dialog and run explorer.exe. When done, reboot.
If you have windows Home and you don't have gpedit.msc
(even if you can install using https://www.itechtics.com/enable-gpedit-windows-10-home/)
I found this working solution:
https://www.tenforums.com/tutorials/48507-enable-disable-edge-swipe-screen-windows-10-a.html
Related
What exactly does kiosk: true in the BrowserWindow config of a new ElectronJS window do?
The documentation just states that the parameter indicates, that the window is in 'kiosk' mode. I was unable to find information on what this means.
Basically, Kiosk mode is a Windows operating system (OS) feature that only allows one application to run. Kiosk mode is a common way to lock down a Windows device when that device is used for a specific task or used in a public setting.
So in electron kiosk mode, we'd have the ability to lock down our application to a point that users are restricted to the actions that we want them to perform. Also, the browser would merely act as our canvas with exactly defined capabilities and doesn't get into our way. And this is why you want to use Electron!
It's true that this feature is not very well documented. There is a open bug about it : Kiosk mode is poorly documented
This seems that the kiosk flags brings some like :
Disable the F11 key to exit full screen
Disable keyboard shortcuts for navigating or creating new tabs / windows
Prevents other programs from popping up on your screen
According to this article, but I was unable to replicate all behaviours.
I think that under the hood it's may be linked to the kiosk command line switch in chromium : --kiosk.
I'm testing on a older iPhone and I have to shake the phone like a madman to get to the dev menu. Is there a command I can send through the bridge to reload or bring up the dev menu? I'm aware of live reload but that's not what I want.
For example on my Android device I can send adb shell input keyevent 82 to simulate a shake event and bring up the dev menu.
There is no way to open dev menu without shaking phone. Here is the issue related to this problem: https://github.com/facebook/react-native/issues/10191.
Nevertheless you can always try your code inside an iPhone emulator and open dev menu using ⌃⌘Z.
Best regards.
Does anyone know a way to silent print via a Chrome App?
I'm developing a chrome app for a KIOSK system which runs Chromium OS. I need to print a receipt via a Chrome App, which I already did. The problem is that print dialog box appears once print process is started.
Is there any way around this?
This is IMPORTANT INFORMATION about kiosk mode Chrome app
Kiosk parameters can not be useful when you install app in developer mode (1) ( Parameters = "kiosk_enabled":true and "kiosk_only":true located in manifest.json )
But the parameters work after install the app from Chrome Store. Therefore be careful about this trick.
Now my kiosk app can run full screen and silent print (without preview).
1) http://lifehacker.com/install-chrome-extensions-from-outside-the-store-with-d-1596918011?disableinsets=off&utm_expid=66866090-49.VYy4WCNHSyuP6EmjnM93MQ.1&utm_referrer=https%3A%2F%2Fwww.google.com.sa%2F
I found a temporary (maybe not temporary :) ) solution for this subject:
SOLUTION FOR CHROME APP
Install your App to chrome
Create shortcut from this app to desktop.
Right click > Properties > Edit Target Textbox like the below (you will add "--kiosk-printing" parameter )
Before Edit: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 2" --app-id=eoaefbbbpgcbhgeilphgobiicboopknp
After Edit: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --kiosk-printing --profile-directory="Profile 2" --app-id=eoaefbbbpgcbhgeilphgobiicboopknp
Absolutely restart chrome for effect (close every tabs and windows on chrome)
Try to print
If you want to remove default header and footer (page address and date) : Open normal chrome print something > on printer preview > More Settings > uncheck "Header and Footer". Chrome ll remember this settings always.
(In fact chrome must provide this property on manifest.json too, but i couldnt find yet)
If you're specifically targeting Kiosk mode apps, you just need to set a flag.
Specifically, --kiosk-printing
I'm not 100% sure how to do that on a Chrome OS device in Kiosk mode. Maybe you need to set it at chrome://flags before switching to Kiosk mode.
Sorry man, it's not possible.
But you could evaluate some workaround: install a web server, make an httpRequest, and then print using a server side language.
In my case, I used php to receive the http request from the chrome app, and then, from php, I launched a java app for the print. I used java because with php (php_printer.dll) is not possible to print images (it's possible to print bmp, but the process to convert a png to an bmp is too long).
I know, it's a little tricky, but it works.
I'm writing an iOS app that acts as, among other things, a telnet server. Naturally, it begins listening for connections as soon as it starts.
When I run the app in the Simulator, Mac OS X (I happen to be on 10.7.3) prompts me to Allow or Deny my application to accept incoming network connections. This is the standard Firewall message that Mac OS X uses for all unsigned, networked applications.
I grow weary of clicking "Allow" fifty or more times a day, and so I seek a way of permanently adding my app to the Firewall's list of permitted apps.
I've tried the following.
Open Activity Monitor while my app is running.
Select my app. Click "Inspect".
Go to the Open Files and Ports tab. One of the first lines is the precise path to my app. Copy and paste this path.
Open the Firewall... Advanced settings.
Click the + (add) button.
Browse to the application path and select it, thus adding it to the list of applications for which incoming connections are allowed.
In the last step there's a significant decision. You could add either the .app application package, or Show Contents on that package and add the "Unix executable" within. I've tried both approaches.
Interestingly, Firewall will in fact stop warning you about the app—for a while. After a few runs, however—it isn't clear to me what event actually causes this change, but it happens within half an hour or so for me, generally speaking—Firewall begins warning about the app again.
How do I set Firewall to permanently Allow my iOS app?
Naturally, I could bypass this whole problem by disabling the Mac OS X firewall. I could also avoid ever again getting a splinter in my foot by chopping it off. Neither of these courses of action recommend themselves to me.
What would you suggest?
So we want to suppress the following dialog
Do you want the application “NNN.app” to accept incoming network
connections?
which appear on every activation of the Xcode iOS simulator.
I believe there is now a solution for that. Basing my answer on this blog.
Simply run the following commands in a Terminal window:
#temporarily shut firewall off:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
#put Xcode as an exception:
/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Xcode.app/Contents/MacOS/Xcode
#put iOS Simulator as an exception:
/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Xcode.app/Contents/Developer/Applications/Simulator.app/Contents/MacOS/Simulator
#re-enable firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
For me it worked. Please note simulator address is according to Xcode 8.
After dabbling with this for some time, I found that manually adding the executable itself to the Firewall "Allow" list gives the desired result. You don't add the .app, but rather the "Unix" executable inside the .app's Contents folder. I believed I had tried this file before without success, but currently it's working.
I think the best solution might be to script the process of okaying your app to the firewall.
If I recall correctly, the latest OSX firewall is actually clever about identifying apps and fingerprints the allowed binaries. This prevents the surprisingly effective tactic of just naming your malware "system32.exe" &c to evade the firewall. If that's the case, your app will be (correctly) blocked for not being the same binary that was okayed, and there's not really any way around it.
So, try scripting the firewall allowing process and incorporate that into the build process.
I never had luck with manually adding the executable to the firewall's allowed-list. Here's a solution using an automated mouse click:
Download CLIclick. (Thank you Carsten.)
Put it in a suitable location, say /usr/local/bin.
Get the Allow button's screen coordinates using ⌘⇧4. (In my example, these are x: 750, y: 600.)
Create a script with this content (the w: is the wait time in ms):
/usr/local/bin/cliclick c:750,600 w:1500 m:+0,+0 c:.
(I couldn't get CLIclick to work without "moving" it to the same location (the m:+0,+0 part) and clicking again at the same spot with c:..)
Open Xcode's Preferences / Behaviors and add the above script.
Enjoy!
I don't know if it is the right way but for me worked.
Turn off the firewall
Connect with the iphone app to your mac
Check if everything in the connection working
Turn on the firewall
I have written an application that injects some menu items in other BlackBerry applications (for example a "bookmark this page" menu item in the BlackBerry browser). I have configured the application to be run automatically at startup (of the device) so when the device starts, the menu items are installed in the other applications.
However, I would also like to have my application started directly after installation (via OTA), so the menu items are directly available to the user. Is there a way to accomplish this without having the user to reboot the device or manually start the application after installation?
Autostart applications should run
automatically after they have been
installed. What could have happened
is the application tried to autostart,
but didn't have the permissions to do
what it wanted and failed with a
ControlledAccessException. Often this
can be seen as the application failing
to start, but in fact it did start but
just wasn't allowed to do what it
tried to do.
Check the event log on the BlackBerry
(alt+lglg). You should see an entry
for your application being started
after it was installed.
Mark Sohm BlackBerry Development
Advisor www.BlackBerryDeveloper.com
BB Support Community Forums :Can we automatically run the application after install