mirror of
https://github.com/NanmiCoder/cc-haha
synced 2026-07-16 13:03:31 +08:00
This release moves the verified desktop H5-auth regression fix into the versioned artifact pipeline so blocked v0.2.3 users can receive a GitHub-built replacement quickly. Constraint: GitHub Release body is sourced from release-notes/v0.2.4.md in the tagged commit. Constraint: Release workflow requires the app, Tauri, Cargo, and lockfile versions to match the tag. Rejected: Ship only the hotfix commit without a release tag | affected desktop users need packaged artifacts from the release workflow. Confidence: high Scope-risk: narrow Directive: Keep v0.2.4 scoped to the startup auth regression; broader H5 improvements belong in a later release. Tested: bun run scripts/release.ts 0.2.4 --dry Tested: bun run scripts/release.ts 0.2.4 Not-tested: GitHub release workflow before push; it only runs after the tag is pushed.
28 lines
1.0 KiB
Markdown
28 lines
1.0 KiB
Markdown
# Claude Code Haha v0.2.4
|
||
|
||
这是一个紧急修复版本,用于解决 `v0.2.3` 升级后部分桌面用户启动失败的问题。
|
||
|
||
## Highlight
|
||
|
||
- **修复桌面启动失败**:修复 `v0.2.3` H5/LAN 访问改动引入的本地服务鉴权回归,避免桌面端启动时卡在 `Missing Authorization header`。
|
||
|
||
## 问题修复
|
||
|
||
- 修复桌面 sidecar 绑定局域网地址后,Tauri 桌面 WebView 访问本机 `127.0.0.1` 控制 API 被误判为远程 H5 请求的问题。
|
||
- 保留 H5 远程访问的 token 和 CORS 边界:只有 Tauri WebView 控制本机 loopback sidecar 时可以免 H5 token,LAN 或公网 H5 访问仍然需要正确授权。
|
||
|
||
## 验证
|
||
|
||
- 已新增服务端回归测试,覆盖 Tauri WebView origin 启动访问本机 sidecar 不再触发 H5 token 要求。
|
||
- 已确认 H5 token、CORS、WebSocket 鉴权相关服务端测试仍然通过。
|
||
|
||
## 安装说明
|
||
|
||
### macOS
|
||
|
||
首次打开如果提示"已损坏"或"无法验证开发者",请执行:
|
||
|
||
```bash
|
||
xattr -cr /Applications/Claude\ Code\ Haha.app
|
||
```
|