Back to Signal Feed
CodeTracked since May 19, 2026

Fix broken desktop update check by routing About modal through Tauri updater

The About modal’s “Check for updates” flow was changed from a WebView `fetch()` call to the GitHub releases API to the Tauri updater plugin’s `check()` API, removing the CSP-blocked path that previously produced `Failed to fetch` for users.

About modalWebView `fetch()`Tauri updater pluginCSP connect-src

What Happened

  • The About modal’s “Check for updates” flow was changed from a WebView `fetch()` call to the GitHub releases API to the Tauri updater plugin’s `check()` API, removing the CSP-blocked path that previously produced `Failed to fetch` for users.
  • The About modal’s “Check for updates” flow was changed from a WebView `fetch()` call to the GitHub releases API to the Tauri updater plugin’s `check()` API, removing the CSP-blocked path that previously produced `Failed to fetch` for users.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Replaced the About page’s custom update request and release-tag parsing logic with a single `check()` call to `@tauri-apps/plugin-updater`, and removed the obsolete `RELEASES_API`, `cmpSemver()` path, and stale i18n key tied to that path. This makes update detection in the UI use the same updater pipeline already used in app startup and avoids duplicate version comparison code.

Why Track This

Why It Matters

Desktop users clicking the About page’s Check for updates now get a usable update check instead of an immediate `Failed to fetch` error, so they can confirm update availability inside the app without repeated manual fallbacks; teams should watch whether the same UI path remains reliable under offline/proxy/restricted-network environments where plugin-level request behavior can differ. The technical change is that the flow now goes through Tauri IPC (`check()`) instead of browser-side cross-origin fetch, which bypasses the WebView CSP restriction and removes bespoke release-tag filtering logic.

Impact

Desktop users clicking the About page’s Check for updates now get a usable update check instead of an immediate `Failed to fetch` error, so they can confirm update availability inside the app without repeated manual fallbacks; teams should watch whether the same UI path remains reliable under offline/proxy/restricted-network environments where plugin-level request behavior can differ. The technical change is that the flow now goes through Tauri IPC (`check()`) instead of browser-side cross-origin fetch, which bypasses the WebView CSP restriction and removes bespoke release-tag filtering logic.

What To Watch Next

  • Watch whether About modal becomes a repeated pattern.
  • Track follow-up changes around Model Context Protocol.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: watch_offline_or_proxy_network_handling, watch_updater_check_error_visibility_to_users.
Open Topic TimelineOpen Technical EventOpen Original Sourcewatch_offline_or_proxy_network_handling / watch_updater_check_error_visibility_to_users / watch_behavior_when_no_update_is_available

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

esengine/DeepSeek-Reasonix PR #1298: fix(desktop): use updater plugin for update check to bypass CSP

Previously, `about.tsx` used direct `fetch()` to `https://api.github.com/.../releases` from WebView, but CSP (`connect-src 'self' ipc: http://ipc.localhost`) blocked it and showed `TypeError: Failed to fetch`; the PR replaces this with `@tauri-apps/plugin-updater` `check()`.