[IMP] add server settings for CORS #795
RaoufGhrissi wants to merge 1 commit into ActivityWatch:master
Fixes a security issue where any Firefox extension (moz-extension://.*) could access the ActivityWatch server without any restriction. Previously, the CORS configuration included a wildcard for all Mozilla extensions by default. This commit removes that blanket permission and introduces granular control through both static configuration and the Web UI. We've added 2 new fields to the file configuration (allow_aw_chrome_extension and allow_all_mozilla_extension) and 4 new settings to the Web UI (Fixed origins, Regex origins, and extension-specific shortcuts). The server now merges these settings to determine the final set of authorized origins, ensuring a more secure and flexible configuration. Dependent on: ActivityWatch/aw-webui#795
I will apply the same changes to aw-server once validated on aw-server-rust
Fixes a security issue where any Firefox extension (moz-extension://.*) could access the ActivityWatch server without any restriction. Previously, the CORS configuration included a wildcard for all Mozilla extensions by default. This commit removes that blanket permission and introduces granular control through both static configuration and the Web UI. We've added 2 new fields to the file configuration (cors_allow_aw_chrome_extension and cors_allow_all_mozilla_extension) and 4 new settings to the Web UI (Fixed origins, Regex origins, and extension-specific shortcuts). The server now merges these settings to determine the final set of authorized origins, ensuring a more secure and flexible configuration. Dependent on: ActivityWatch/aw-webui#795
Greptile Summary
This PR adds a CORS configuration modal (
Confidence Score: 3/5
Safe to merge after addressing the remaining unresolved P1 (stale config on failed reload, flagged in a prior review cycle) and the new
The prior P1 issue — src/stores/cors.ts —

| Filename | Overview |
|---|---|
| src/components/CorsConfigModal.vue | New modal for editing CORS config. Previous concerns about missing error state and incomplete editable type have been addressed; residual risk is the underlying stale-config issue in the store (previous thread). |
| src/stores/cors.ts | New Pinia store for CORS state. needs_restart is not set to true after save; load() still does not clear this.config before refetch (previous thread), so stale config is shown on failed reload. |
| src/views/settings/Settings.vue | Minimal change: adds "Configure CORS" button and CorsConfigModal component after DeveloperSettings. Correctly registered in components. No issues. |
Sequence Diagram
sequenceDiagram
participant User
participant CorsConfigModal
participant CorsStore
participant Server
User->>CorsConfigModal: Click "Configure CORS"
CorsConfigModal->>CorsStore: load()
CorsStore->>Server: GET /0/cors-config
Server-->>CorsStore: CorsConfig (cors, cors_regex, flags, in_file, needs_restart)
CorsStore-->>CorsConfigModal: config (watch fires → editable, corsStr, corsRegexStr updated)
User->>CorsConfigModal: Edit fields, click OK
CorsConfigModal->>CorsStore: save(editable as MutableCorsConfig)
CorsStore->>Server: POST /0/cors-config (mutable fields only)
Server-->>CorsStore: 200 OK
CorsStore->>CorsStore: config = {...config, ...payload} (needs_restart NOT updated)
CorsConfigModal->>User: Modal closes + alert("restart required")
Reviews (7): Last reviewed commit: "[SEC] restrict CORS to authorized extens..."
| | Recommended for security. To allow a specific extension safely: | ||
| ol.mt-2.mb-1 | ||
| li Go to <code>about:debugging#/runtime/this-firefox</code> in your browser. | ||
| li Look for your extension and copy the **Manifest URL** (e.g. <code>moz-extension://4b931c07deded...ff152/manifest.json</code>). |
Markdown bold syntax renders literally in Pug
The **Manifest URL** syntax is Markdown, not Pug/HTML. Pug templates do not process Markdown, so users will see the asterisks rendered literally in the browser (**Manifest URL** instead of Manifest URL). Use an inline <b> tag or Pug's b element instead.
| li Look for your extension and copy the **Manifest URL** (e.g. <code>moz-extension://4b931c07deded...ff152/manifest.json</code>). | |
| li Look for your extension and copy the <b>Manifest URL</b> (e.g. <code>moz-extension://4b931c07deded...ff152/manifest.json</code>). |
| ol.mt-2.mb-1 | ||
| li Go to <code>about:debugging#/runtime/this-firefox</code> in your browser. | ||
| li Look for your extension and copy the **Manifest URL** (e.g. <code>moz-extension://4b931c07deded...ff152/manifest.json</code>). | ||
| li Remove <code>manifest.json</code> from the end (to get <code>moz-extension://4b931c07deded...ff152</code>). | ||
| li Paste it into the <b>Regex CORS origins</b> field above (use a comma to separate if not empty). |
Regex field instructions advise pasting literal URLs containing unescaped dots
Step 3 tells the user to paste a raw moz-extension://... URL (e.g. moz-extension://4b931c07deded...ff152) into the Regex CORS origins field. However, the dots (.) in that URL are regex metacharacters that match any character, so the pattern will also match origins with different characters in those positions. This could allow an unintended extension to bypass the CORS check.
Consider updating the instructions to advise users to escape literal dots with \., or direct them to paste the origin into the Fixed CORS origins field instead (which uses exact matching), if the backend supports it.
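The risk described in the comment above, as an added example that is not part of the PR or of ActivityWatch's code: it shows how a literal origin behaves when used as a regex, and how escaping plus anchoring narrows it to an exact match. The function names, the sample origins and the unanchored-search matching model are assumptions.

```typescript
// Added example: not code from aw-webui or aw-server-rust.
// Assumption: the server accepts an origin when any configured pattern finds
// a match anywhere in it (unanchored search), as RegExp.prototype.test does.

type Finding = { entry: string; issue: string; suggestion: string };

const REGEX_META = /[.*+?^${}()|[\]\\]/g;
// scheme://host[:port] written with no regex syntax other than bare dots
const LITERAL_ORIGIN = /^[a-z][a-z0-9+-]*:\/\/[a-z0-9.:-]+$/i;

/** Escape every regex metacharacter so the text can only match itself. */
function escapeRegex(literal: string): string {
  return literal.replace(REGEX_META, '\\$&');
}

/** Pattern that matches exactly one origin: escaped and anchored at both ends. */
function originToPattern(origin: string): string {
  return '^' + escapeRegex(origin) + '$';
}

/** True when at least one pattern matches the origin (unanchored search). */
function allowedBy(patterns: string[], origin: string): boolean {
  return patterns.some((p) => new RegExp(p).test(origin));
}

/** Review a comma-separated "Regex CORS origins" value entry by entry. */
function auditRegexField(field: string): Finding[] {
  const findings: Finding[] = [];
  const entries = field.split(',').map((s) => s.trim()).filter((s) => s !== '');
  for (const entry of entries) {
    if (LITERAL_ORIGIN.test(entry)) {
      // A pasted origin: every "." is a wildcard and nothing pins the ends.
      findings.push({ entry, issue: 'literal origin used as a regex', suggestion: originToPattern(entry) });
      continue;
    }
    try {
      new RegExp(entry);
    } catch {
      findings.push({ entry, issue: 'not a valid regex', suggestion: '' });
      continue;
    }
    if (!entry.startsWith('^') || !entry.endsWith('$')) {
      findings.push({ entry, issue: 'pattern is not anchored', suggestion: '^(?:' + entry + ')$' });
    }
  }
  return findings;
}

// Constructed sample values (the extension UUID and hostnames are made up).
const SAMPLE_FIELD = [
  'moz-extension://0a1b2c3d-1111-4222-8333-444455556666',
  '^https://app\\.example\\.org$',
  'http://dash.example.org',
  'https://(a|b\\.example\\.org',
].join(', ');

console.log(auditRegexField(SAMPLE_FIELD));
// Raw literal: the "." matches any character, so a different host passes.
console.log(allowedBy(['http://dash.example.org'], 'http://dashXexample.org'));
// Escaped and anchored: only the exact origin passes.
console.log(allowedBy([originToPattern('http://dash.example.org')], 'http://dashXexample.org'));
```

Splitting on commas means a pattern that itself contains a comma (for example a `{1,3}` quantifier) cannot be expressed in such a field.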
| div.mt-5.text-muted.small | ||
| | Web UI commit hash: {{ COMMIT_HASH }} |
| return { | ||
| showSettings: false, | ||
| }; | ||
| }, |
Unused showSettings data property
The data() function exposes showSettings: false, but this property is never referenced anywhere in the template or the computed/methods sections. It appears to be an accidental copy-paste artefact from another settings component. It can be safely removed.
| return { | |
| showSettings: false, | |
| }; | |
| }, | |
| computed: { |
9e1a0fe to ee21fb6
Fixes a security issue where any Firefox extension (moz-extension://.*) could access the ActivityWatch server without any restriction. Previously, the CORS configuration included a wildcard for all Mozilla extensions by default. This commit removes that blanket permission and introduces granular control through both static configuration and the Web UI. We've added 2 new fields to the file configuration (cors_allow_aw_chrome_extension and cors_allow_all_mozilla_extension) and 4 new settings to the Web UI (Fixed origins, Regex origins, and extension-specific shortcuts). The server now merges these settings to determine the final set of authorized origins, ensuring a more secure and flexible configuration. The TOML configuration file values are now used only as an initial seed for the database during the first run. On subsequent runs, any values changed and persisted via the Web UI will take precedence over the config file defaults. Fixed a bug in the web-ui store where changing one setting would cause all other settings to be re-saved with their initial client-side values, unintentionally overwriting database settings with stale defaults. Dependent on: ActivityWatch/aw-webui#795
ee21fb6 to d0af1de
Fixes a security issue where any Firefox extension (moz-extension://.*) could access the ActivityWatch server without any restriction. Previously, the CORS configuration included a wildcard for all Mozilla extensions by default. This commit removes that blanket permission and introduces granular control through both static configuration and the Web UI. We've added 2 new fields to the file configuration (allow_aw_chrome_extension and allow_all_mozilla_extension) and 4 new settings to the Web UI (Fixed origins, Regex origins, and extension-specific shortcuts). The server now merges these settings to determine the final set of authorized origins, ensuring a more secure and flexible configuration. Dependent on: ActivityWatch/aw-webui#795 edited according to the last changes
d0af1de to cd7673f
| div(v-else-if="loading") | ||
| p Loading... |
Missing error state — OK button stays active on load failure
The store sets this.error when load() fails, but the component only maps config and loading from the store — error is never observed. When the API returns an error, loading becomes false and config stays null, so the modal shows a completely blank body while the OK button remains enabled (:ok-disabled="loading" only guards the in-flight case). A user clicking OK at that point sends the component's initialised-to-empty editable (cors: [], cors_regex: [], ...) to the server, potentially wiping the existing CORS configuration.
Two changes are needed: (1) also map error from the store and display it, and (2) disable OK when the config hasn't loaded:
| div(v-else-if="loading") | |
| p Loading... | |
| div(v-else-if="loading") | |
| p Loading... | |
| div(v-else-if="error") | |
| b-alert(show variant="danger") Failed to load CORS configuration: {{ error }} |
And update the modal's ok-disabled binding:
b-modal(... :ok-disabled="loading || !config" ...)
690f553 to 60917fa
60917fa to 5279a87
| editable: { | ||
| cors: [] as string[], | ||
| cors_regex: [] as string[], | ||
| cors_allow_aw_chrome_extension: false, | ||
| cors_allow_all_mozilla_extension: false, | ||
| }, | ||
| corsStr: '', | ||
| corsRegexStr: '', | ||
| corsStore: useCorsStore(), | ||
| }; |
editable declared type is missing CorsConfig fields
editable is initialised with only four fields, but corsStore.save() expects a full CorsConfig (which also requires in_file and needs_restart). TypeScript will likely raise a compile error at the corsStore.save(this.editable) call because the declared type of editable does not satisfy CorsConfig. Declare editable as CorsConfig from the start so the types align end-to-end.
| editable: { | |
| cors: [] as string[], | |
| cors_regex: [] as string[], | |
| cors_allow_aw_chrome_extension: false, | |
| cors_allow_all_mozilla_extension: false, | |
| }, | |
| corsStr: '', | |
| corsRegexStr: '', | |
| corsStore: useCorsStore(), | |
| }; | |
| editable: { | |
| cors: [] as string[], | |
| cors_regex: [] as string[], | |
| cors_allow_aw_chrome_extension: false, | |
| cors_allow_all_mozilla_extension: false, | |
| in_file: [] as string[], | |
| needs_restart: false, | |
| } as CorsConfig, |
5279a87 to 23ca24e
Fixes a security issue where any Firefox extension (moz-extension://.*) could access the ActivityWatch server without any restriction. Previously, the CORS configuration included a wildcard for all Mozilla extensions by default. This commit removes that blanket permission and introduces granular control through both static configuration and the Web UI. We've added 2 new fields to the file configuration (allow_aw_chrome_extension and allow_all_mozilla_extension) and 4 new settings to the Web UI (Fixed origins, Regex origins, and extension-specific shortcuts). The server now merges these settings to determine the final set of authorized origins, ensuring a more secure and flexible configuration. Dependent on: ActivityWatch/aw-server-rust#581 edited according to the last changes
23ca24e to 268528b
| async load() { | ||
| this.loading = true; | ||
| this.error = null; | ||
| try { | ||
| const client = getClient(); | ||
| const response = await client.req.get('/0/cors-config'); | ||
| this.config = response.data; | ||
| } catch (e: any) { | ||
| this.error = e.response?.data?.message || e.message || 'Failed to load CORS config'; | ||
| } finally { | ||
| this.loading = false; | ||
| } |
Stale config shown on failed reload
load() never clears this.config before issuing the request. When the modal is opened a second time and the fetch fails, this.config still holds the previous session's data. Back in the template, v-if="config" evaluates to true, so the form renders with stale values and the v-else-if="error" branch is never reached — the user sees no indication that the reload failed and edits data they believe to be current.
Add this.config = null; at the top of load() so that a failed refetch exposes the error state:
| async load() { | |
| this.loading = true; | |
| this.error = null; | |
| try { | |
| const client = getClient(); | |
| const response = await client.req.get('/0/cors-config'); | |
| this.config = response.data; | |
| } catch (e: any) { | |
| this.error = e.response?.data?.message || e.message || 'Failed to load CORS config'; | |
| } finally { | |
| this.loading = false; | |
| } | |
| async load() { | |
| this.loading = true; | |
| this.config = null; | |
| this.error = null; | |
| try { | |
| const client = getClient(); | |
| const response = await client.req.get('/0/cors-config'); | |
| this.config = response.data; | |
| } catch (e: any) { | |
| this.error = e.response?.data?.message || e.message || 'Failed to load CORS config'; | |
| } finally { | |
| this.loading = false; | |
| } | |
| }, |
Dependent on: ActivityWatch/aw-server-rust#581