pake-cli 3.11.6 → 3.11.8

package/dist/cli.js

@@ -20,7 +20,7 @@ import { InvalidArgumentError, program as program$1, Option } from 'commander';
 import fs$1 from 'fs';
 
 var name = "pake-cli";
-var version = "3.11.6";
+var version = "3.11.8";
 var description = "🤱🏻 Turn any webpage into a desktop app with one command. 🤱🏻 一键打包网页生成轻量桌面应用。";
 var engines = {
 	node: ">=18.0.0"
@@ -31,7 +31,7 @@ var bin = {
 };
 var repository = {
 	type: "git",
-	url: "git+https://github.com/tw93/pake.git"
+	url: "git+https://github.com/tw93/Pake.git"
 };
 var author = {
 	name: "Tw93",
@@ -62,6 +62,7 @@ var scripts = {
 	test: "pnpm run cli:build && cross-env PAKE_CREATE_APP=1 node tests/index.js",
 	format: "prettier --write . --ignore-unknown && find tests -name '*.js' -exec sed -i '' 's/[[:space:]]*$//' {} \\; && cd src-tauri && cargo fmt --verbose",
 	"format:check": "prettier --check . --ignore-unknown",
+	"release:check": "node scripts/check-release-version.mjs && pnpm run format:check && npx vitest run && pnpm run cli:build && npm pack --dry-run --ignore-scripts",
 	update: "pnpm update --verbose && cd src-tauri && cargo update",
 	prepublishOnly: "pnpm run cli:build"
 };
@@ -247,38 +248,10 @@ async function shellExec(command, timeout = 300000, env) {
         if (error.timedOut) {
             throw new Error(`Command timed out after ${timeout}ms: "${command}". Try increasing timeout or check network connectivity.`);
         }
-        let errorMsg = `Error occurred while executing command "${command}". Exit code: ${exitCode}. Details: ${errorMessage}`;
-        // Provide helpful guidance for common Linux AppImage build failures
-        // caused by strip tool incompatibility with modern glibc (2.38+)
-        const lowerError = errorMessage.toLowerCase();
-        if (process.platform === 'linux' &&
-            (lowerError.includes('linuxdeploy') ||
-                lowerError.includes('appimage') ||
-                lowerError.includes('strip'))) {
-            errorMsg +=
-                '\n\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n' +
-                    'Linux AppImage Build Failed\n' +
-                    '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n' +
-                    'Cause: Strip tool incompatibility with glibc 2.38+\n' +
-                    '       (affects Debian Trixie, Arch Linux, and other modern distros)\n\n' +
-                    'Quick fix:\n' +
-                    '  NO_STRIP=1 pake <url> --targets appimage --debug\n\n' +
-                    'Alternatives:\n' +
-                    '  • Use DEB format: pake <url> --targets deb\n' +
-                    '  • Update binutils: sudo apt install binutils (or pacman -S binutils)\n' +
-                    '  • Detailed guide: https://github.com/tw93/Pake/blob/main/docs/faq.md\n' +
-                    '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━';
-            if (lowerError.includes('fuse') ||
-                lowerError.includes('operation not permitted') ||
-                lowerError.includes('/dev/fuse')) {
-                errorMsg +=
-                    '\n\nDocker / Container hint:\n' +
-                        '  AppImage tooling needs access to /dev/fuse. When running inside Docker, add:\n' +
-                        '    --privileged --device /dev/fuse --security-opt apparmor=unconfined\n' +
-                        '  or run on the host directly.';
-            }
-        }
-        throw new Error(errorMsg);
+        // AppImage/linuxdeploy guidance is added by the caller (BaseBuilder), which
+        // knows the build target. We only have the command line here (the tool's
+        // diagnostics stream to the terminal via stdio:inherit, not into the error).
+        throw new Error(`Error occurred while executing command "${command}". Exit code: ${exitCode}. Details: ${errorMessage}`);
     }
 }
 
@@ -806,6 +779,24 @@ function getBuildTimeout() {
     return 900000;
 }
 let packageManagerCache = null;
+function parseMajorVersion(version) {
+    const match = version.match(/^v?(\d+)/);
+    return match ? Number(match[1]) : null;
+}
+function getPinnedPnpmMajorVersion() {
+    const packageManager = packageJson.packageManager;
+    const match = packageManager?.match(/^pnpm@(\d+)/);
+    return match ? Number(match[1]) : null;
+}
+async function detectNpm(execa) {
+    try {
+        await execa('npm', ['--version'], { stdio: 'ignore' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
 /**
  * Returns 'pnpm' when available, otherwise 'npm'. Throws if neither is found.
  * Cached after the first successful detection so tests can call repeatedly.
@@ -815,23 +806,37 @@ async function detectPackageManager() {
         return packageManagerCache;
     }
     const { execa } = await import('execa');
+    let pnpmVersion;
     try {
-        await execa('pnpm', ['--version'], { stdio: 'ignore' });
-        logger.info('✺ Using pnpm for package management.');
-        packageManagerCache = 'pnpm';
-        return 'pnpm';
+        const { stdout } = await execa('pnpm', ['--version']);
+        pnpmVersion = stdout.trim();
     }
     catch {
-        try {
-            await execa('npm', ['--version'], { stdio: 'ignore' });
+        if (await detectNpm(execa)) {
             logger.info('✺ pnpm not available, using npm for package management.');
             packageManagerCache = 'npm';
             return 'npm';
         }
-        catch {
-            throw new Error('Neither pnpm nor npm is available. Please install a package manager.');
+        throw new Error('Neither pnpm nor npm is available. Please install a package manager.');
+    }
+    const normalizedPnpmVersion = pnpmVersion.startsWith('v')
+        ? pnpmVersion
+        : `v${pnpmVersion}`;
+    const pnpmMajor = parseMajorVersion(pnpmVersion);
+    const pinnedPnpmMajor = getPinnedPnpmMajorVersion();
+    if (pnpmMajor !== null &&
+        pinnedPnpmMajor !== null &&
+        pnpmMajor !== pinnedPnpmMajor) {
+        if (!(await detectNpm(execa))) {
+            throw new Error(`Detected pnpm ${normalizedPnpmVersion}, but Pake is pinned to ${packageJson.packageManager}. Install npm so Pake can fall back, or use pnpm ${pinnedPnpmMajor}.x to match the project pin.`);
         }
+        logger.warn(`✼ Detected pnpm ${normalizedPnpmVersion}, but Pake is pinned to ${packageJson.packageManager}; using npm for package management instead.`);
+        packageManagerCache = 'npm';
+        return 'npm';
     }
+    logger.info('✺ Using pnpm for package management.');
+    packageManagerCache = 'pnpm';
+    return 'pnpm';
 }
 function getInstallCommand(packageManager, useCnMirror) {
     const registryOption = useCnMirror
@@ -887,23 +892,29 @@ async function configureCargoRegistry(tauriSrcPath, useCnMirror) {
         logger.warn(`✼ ${projectConf} still references rsproxy.cn. Remove it or set ${CN_MIRROR_ENV}=1 if you want to use the CN mirror.`);
     }
 }
-/**
- * Returns true when an error string looks like the well-known Tauri+linuxdeploy
- * strip failure that we automatically retry with NO_STRIP=1.
- */
-function isLinuxDeployStripError(error) {
-    if (!(error instanceof Error) || !error.message) {
-        return false;
-    }
-    const message = error.message.toLowerCase();
-    return (message.includes('linuxdeploy') ||
-        message.includes('failed to run linuxdeploy') ||
-        message.includes('strip:') ||
-        message.includes('unable to recognise the format of the input file') ||
-        message.includes('appimage tool failed') ||
-        message.includes('strip tool'));
-}
 
+// Appended to the error when a Linux AppImage build fails for good. linuxdeploy's
+// diagnostics stream to the terminal (stdio: 'inherit') and never reach
+// error.message, so we cannot name the exact cause. We only reach here after
+// NO_STRIP=1 has been applied and still failed, so strip is shown as ruled out.
+const APPIMAGE_BAR = '━'.repeat(56);
+const APPIMAGE_FAILURE_GUIDANCE = `\n\n${APPIMAGE_BAR}\n` +
+    'Linux AppImage Build Failed\n' +
+    `${APPIMAGE_BAR}\n\n` +
+    'The AppImage bundler (linuxdeploy) failed. Common causes and fixes:\n\n' +
+    '  • Strip incompatibility (glibc 2.38+): NO_STRIP=1 was already applied and\n' +
+    '    the build still failed, so strip is likely not the cause.\n' +
+    '  • Missing gdk-pixbuf loaders (e.g. "cannot stat\n' +
+    "    '/usr/lib/gdk-pixbuf-2.0/...'\"): install them, then rebuild:\n" +
+    '      Arch:    sudo pacman -S gdk-pixbuf2 librsvg\n' +
+    '      Debian:  sudo apt install librsvg2-common gdk-pixbuf2.0-bin\n' +
+    '      Fedora:  sudo dnf install gdk-pixbuf2-modules librsvg2\n' +
+    '      then:    gdk-pixbuf-query-loaders --update-cache\n' +
+    '  • Running in Docker/container: AppImage needs /dev/fuse:\n' +
+    '      --privileged --device /dev/fuse --security-opt apparmor=unconfined\n\n' +
+    'Still stuck? Build a DEB instead: pake <url> --targets deb\n' +
+    'Detailed guide: https://github.com/tw93/Pake/blob/main/docs/faq.md\n' +
+    APPIMAGE_BAR;
 class BaseBuilder {
     constructor(options) {
         this.options = options;
@@ -995,14 +1006,11 @@ class BaseBuilder {
             ...(process.env.NO_STRIP ? { NO_STRIP: process.env.NO_STRIP } : {}),
         };
         const resolveExecEnv = () => Object.keys(buildEnv).length > 0 ? buildEnv : undefined;
-        // Warn users about potential AppImage build failures on modern Linux systems.
-        // The linuxdeploy tool bundled in Tauri uses an older strip tool that doesn't
-        // recognize the .relr.dyn section introduced in glibc 2.38+.
-        if (process.platform === 'linux' && target === 'appimage') {
-            if (!buildEnv.NO_STRIP) {
-                logger.warn('⚠ Building AppImage on Linux may fail due to strip incompatibility with glibc 2.38+');
-                logger.warn('⚠ If build fails, retry with: NO_STRIP=1 pake <url> --targets appimage');
-            }
+        const isLinuxAppImage = process.platform === 'linux' && target === 'appimage';
+        // AppImage builds can fail at the linuxdeploy strip step on glibc 2.38+.
+        // A real failure now prints full guidance, so only hint in debug mode.
+        if (isLinuxAppImage && !buildEnv.NO_STRIP && this.options.debug) {
+            logger.warn('⚠ AppImage strip step can fail on glibc 2.38+; Pake will auto-retry with NO_STRIP=1.');
         }
         const buildCommand = `cd "${npmDirectory}" && ${this.getBuildCommand(packageManager)}`;
         const buildTimeout = getBuildTimeout();
@@ -1010,21 +1018,26 @@ class BaseBuilder {
             await shellExec(buildCommand, buildTimeout, resolveExecEnv());
         }
         catch (error) {
-            const shouldRetryWithoutStrip = process.platform === 'linux' &&
-                target === 'appimage' &&
-                !buildEnv.NO_STRIP &&
-                isLinuxDeployStripError(error);
-            if (shouldRetryWithoutStrip) {
-                logger.warn('⚠ AppImage build failed during linuxdeploy strip step, retrying with NO_STRIP=1 automatically.');
-                buildEnv = {
-                    ...buildEnv,
-                    NO_STRIP: '1',
-                };
-                await shellExec(buildCommand, buildTimeout, resolveExecEnv());
+            if (!isLinuxAppImage) {
+                throw error;
             }
-            else {
+            // linuxdeploy's diagnostics stream to the terminal (stdio: 'inherit') and
+            // never reach error.message, so we cannot classify the cause. strip is the
+            // most common AppImage failure, so retry once with NO_STRIP=1; if that
+            // (or an already-NO_STRIP run) still fails, surface all known causes.
+            if (buildEnv.NO_STRIP) {
+                error.message += APPIMAGE_FAILURE_GUIDANCE;
                 throw error;
             }
+            logger.warn('⚠ AppImage build failed, retrying once with NO_STRIP=1 (common glibc 2.38+ strip issue).');
+            buildEnv = { ...buildEnv, NO_STRIP: '1' };
+            try {
+                await shellExec(buildCommand, buildTimeout, resolveExecEnv());
+            }
+            catch (retryError) {
+                retryError.message += APPIMAGE_FAILURE_GUIDANCE;
+                throw retryError;
+            }
         }
         // Copy app
         const fileName = this.getFileName();
@@ -2308,8 +2321,8 @@ function resolveLocalAppName(filePath, platform) {
         return generateLinuxPackageName(baseName) || 'pake-app';
     }
     const normalized = baseName
-        .replace(/[^a-zA-Z0-9\u4e00-\u9fff -]/g, '')
-        .replace(/^[ -]+/, '')
+        .replace(/[^a-zA-Z0-9\u4e00-\u9fff .-]/g, '')
+        .replace(/^[ .-]+/, '')
         .replace(/\s+/g, ' ')
         .trim();
     return normalized || 'pake-app';
@@ -2317,7 +2330,7 @@ function resolveLocalAppName(filePath, platform) {
 function isValidName(name, platform) {
     const reg = platform === 'linux'
         ? /^[a-z0-9\u4e00-\u9fff][a-z0-9\u4e00-\u9fff-]*$/
-        : /^[a-zA-Z0-9\u4e00-\u9fff][a-zA-Z0-9\u4e00-\u9fff- ]*$/;
+        : /^[a-zA-Z0-9\u4e00-\u9fff][a-zA-Z0-9\u4e00-\u9fff .-]*$/;
     return !!name && reg.test(name);
 }
 async function handleOptions(options, url) {
@@ -2338,7 +2351,7 @@ async function handleOptions(options, url) {
     }
     if (name && !isValidName(name, platform)) {
         const LINUX_NAME_ERROR = `✕ Name should only include lowercase letters, numbers, and dashes (not leading dashes). Examples: com-123-xxx, 123pan, pan123, weread, we-read, 123.`;
-        const DEFAULT_NAME_ERROR = `✕ Name should only include letters, numbers, dashes, and spaces (not leading dashes and spaces). Examples: 123pan, 123Pan, Pan123, weread, WeRead, WERead, we-read, We Read, 123.`;
+        const DEFAULT_NAME_ERROR = `✕ Name should only include letters, numbers, dots, dashes, and spaces (not leading dots, dashes, and spaces). Examples: 123pan, 123Pan, Pan123, weread, WeRead, WERead, we-read, We Read, Vectorizer.AI, 123.`;
         const errorMsg = platform === 'linux' ? LINUX_NAME_ERROR : DEFAULT_NAME_ERROR;
         if (isActions) {
             logger.error(errorMsg);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pake-cli",
-  "version": "3.11.6",
+  "version": "3.11.8",
   "description": "🤱🏻 Turn any webpage into a desktop app with one command. 🤱🏻 一键打包网页生成轻量桌面应用。",
   "engines": {
     "node": ">=18.0.0"
@@ -11,7 +11,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/tw93/pake.git"
+    "url": "git+https://github.com/tw93/Pake.git"
   },
   "author": {
     "name": "Tw93",
@@ -42,6 +42,7 @@
     "test": "pnpm run cli:build && cross-env PAKE_CREATE_APP=1 node tests/index.js",
     "format": "prettier --write . --ignore-unknown && find tests -name '*.js' -exec sed -i '' 's/[[:space:]]*$//' {} \\; && cd src-tauri && cargo fmt --verbose",
     "format:check": "prettier --check . --ignore-unknown",
+    "release:check": "node scripts/check-release-version.mjs && pnpm run format:check && npx vitest run && pnpm run cli:build && npm pack --dry-run --ignore-scripts",
     "update": "pnpm update --verbose && cd src-tauri && cargo update",
     "prepublishOnly": "pnpm run cli:build"
   },

package/src-tauri/Cargo.lock

@@ -2564,7 +2564,7 @@ dependencies = [
 
 [[package]]
 name = "pake"
-version = "3.11.6"
+version = "3.11.8"
 dependencies = [
  "objc2",
  "objc2-app-kit",

package/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "pake"
-version = "3.11.6"
+version = "3.11.8"
 description = "🤱🏻 Turn any webpage into a desktop app with Rust."
 authors = ["Tw93"]
 license = "MIT"

package/src-tauri/src/app/invoke.rs

@@ -1,5 +1,5 @@
 use crate::util::{check_file_or_append, get_download_message_with_lang, show_toast, MessageType};
-use std::fs::{self, File};
+use std::fs::File;
 use std::io::Write;
 use std::str::FromStr;
 use std::sync::atomic::{AtomicI64, Ordering};
@@ -73,13 +73,6 @@ pub struct DownloadFileParams {
     language: Option<String>,
 }
 
-#[derive(serde::Deserialize)]
-pub struct BinaryDownloadParams {
-    filename: String,
-    binary: Vec<u8>,
-    language: Option<String>,
-}
-
 #[derive(serde::Deserialize)]
 pub struct NotificationParams {
     title: String,
@@ -147,47 +140,6 @@ pub async fn download_file(app: AppHandle, params: DownloadFileParams) -> Result
     }
 }
 
-#[command]
-pub async fn download_file_by_binary(
-    app: AppHandle,
-    params: BinaryDownloadParams,
-) -> Result<(), String> {
-    let window: WebviewWindow = app.get_webview_window("pake").ok_or("Window not found")?;
-
-    show_toast(
-        &window,
-        &get_download_message_with_lang(MessageType::Start, params.language.clone()),
-    );
-
-    let download_dir = app
-        .path()
-        .download_dir()
-        .map_err(|e| format!("Failed to get download dir: {}", e))?;
-
-    let output_path = download_dir.join(&params.filename);
-
-    let path_str = output_path.to_str().ok_or("Invalid output path")?;
-
-    let file_path = check_file_or_append(path_str);
-
-    match fs::write(file_path, &params.binary) {
-        Ok(_) => {
-            show_toast(
-                &window,
-                &get_download_message_with_lang(MessageType::Success, params.language.clone()),
-            );
-            Ok(())
-        }
-        Err(e) => {
-            show_toast(
-                &window,
-                &get_download_message_with_lang(MessageType::Failure, params.language),
-            );
-            Err(e.to_string())
-        }
-    }
-}
-
 #[command]
 pub fn send_notification(app: AppHandle, params: NotificationParams) -> Result<(), String> {
     use tauri_plugin_notification::NotificationExt;

package/src-tauri/src/app/window.rs

@@ -1,12 +1,14 @@
 use crate::app::config::PakeConfig;
-use crate::util::get_data_dir;
+use crate::util::{
+    check_file_or_append, get_data_dir, get_download_message_with_lang, show_toast, MessageType,
+};
 use std::{
     path::PathBuf,
     str::FromStr,
     sync::atomic::{AtomicU32, Ordering},
 };
 use tauri::{
-    webview::{NewWindowFeatures, NewWindowResponse},
+    webview::{DownloadEvent, NewWindowFeatures, NewWindowResponse},
     AppHandle, Config, Manager, Url, WebviewUrl, WebviewWindow, WebviewWindowBuilder,
 };
 
@@ -426,6 +428,61 @@ fn build_window(
         }
     }
 
+    // Capture webview-initiated downloads (blob:, data:, Content-Disposition,
+    // etc.) and write them to the OS Downloads folder. This is essential for
+    // sites with a strict Content-Security-Policy (e.g. Gemini): their
+    // `connect-src` blocks Tauri's IPC origin, so downloads cannot be routed
+    // through the JS bridge, and downloads triggered from a sandboxed iframe
+    // can't reach the IPC either. Letting the browser download natively and
+    // catching it here is independent of the page CSP and the IPC channel.
+    {
+        let download_handle = app.clone();
+        window_builder = window_builder.on_download(move |_webview, event| match event {
+            DownloadEvent::Requested { url, destination } => {
+                match download_handle.path().download_dir() {
+                    Ok(download_dir) => {
+                        let filename = destination
+                            .file_name()
+                            .map(|name| name.to_string_lossy().to_string())
+                            .filter(|name| !name.is_empty())
+                            .or_else(|| {
+                                url.path_segments()
+                                    .and_then(|mut segments| segments.next_back())
+                                    .map(|segment| segment.to_string())
+                                    .filter(|segment| !segment.is_empty())
+                            })
+                            .unwrap_or_else(|| "download".to_string());
+
+                        let target = download_dir.join(filename);
+                        if let Some(path_str) = target.to_str() {
+                            *destination = PathBuf::from(check_file_or_append(path_str));
+                        }
+                    }
+                    Err(error) => {
+                        eprintln!("[Pake] Failed to resolve download dir: {error}");
+                    }
+                }
+                true
+            }
+            DownloadEvent::Finished {
+                url: _,
+                path: _,
+                success,
+            } => {
+                if let Some(window) = download_handle.get_webview_window("pake") {
+                    let message_type = if success {
+                        MessageType::Success
+                    } else {
+                        MessageType::Failure
+                    };
+                    show_toast(&window, &get_download_message_with_lang(message_type, None));
+                }
+                true
+            }
+            _ => true,
+        });
+    }
+
     window_builder = window_builder.on_navigation(|_| true);
 
     window_builder.build()

package/src-tauri/src/inject/event.js

@@ -340,118 +340,19 @@ document.addEventListener("DOMContentLoaded", () => {
     true,
   );
 
-  // Collect blob urls to blob by overriding window.URL.createObjectURL
-  function collectUrlToBlobs() {
-    const backupCreateObjectURL = window.URL.createObjectURL;
-    window.blobToUrlCaches = new Map();
-    window.URL.createObjectURL = (blob) => {
-      const url = backupCreateObjectURL.call(window.URL, blob);
-      window.blobToUrlCaches.set(url, blob);
-      return url;
-    };
-  }
-
-  function convertBlobUrlToBinary(blobUrl) {
-    return new Promise((resolve, reject) => {
-      const blob = window.blobToUrlCaches.get(blobUrl);
-      if (!blob) {
-        fetch(blobUrl)
-          .then((res) => res.arrayBuffer())
-          .then((buffer) => resolve(Array.from(new Uint8Array(buffer))))
-          .catch(reject);
-        return;
-      }
-      const reader = new FileReader();
-      reader.readAsArrayBuffer(blob);
-      reader.onload = () => {
-        resolve(Array.from(new Uint8Array(reader.result)));
-      };
-      reader.onerror = () => reject(reader.error);
-    });
-  }
-
-  function downloadFromDataUri(dataURI, filename) {
-    try {
-      const byteString = atob(dataURI.split(",")[1]);
-      // write the bytes of the string to an ArrayBuffer
-      const bufferArray = new ArrayBuffer(byteString.length);
-
-      // create a view into the buffer
-      const binary = new Uint8Array(bufferArray);
-
-      // set the bytes of the buffer to the correct values
-      for (let i = 0; i < byteString.length; i++) {
-        binary[i] = byteString.charCodeAt(i);
-      }
-
-      // write the ArrayBuffer to a binary, and you're done
-      const userLanguage = getUserLanguage();
-      invoke("download_file_by_binary", {
-        params: {
-          filename,
-          binary: Array.from(binary),
-          language: userLanguage,
-        },
-      }).catch((error) => {
-        console.error("Failed to download data URI file:", filename, error);
-        showDownloadError(filename);
-      });
-    } catch (error) {
-      console.error("Failed to process data URI:", dataURI, error);
-      showDownloadError(filename || "file");
-    }
-  }
-
-  function downloadFromBlobUrl(blobUrl, filename) {
-    convertBlobUrlToBinary(blobUrl)
-      .then((binary) => {
-        const userLanguage = getUserLanguage();
-        invoke("download_file_by_binary", {
-          params: {
-            filename,
-            binary,
-            language: userLanguage,
-          },
-        }).catch((error) => {
-          console.error("Failed to download blob file:", filename, error);
-          showDownloadError(filename);
-        });
-      })
-      .catch((error) => {
-        console.error("Failed to convert blob to binary:", blobUrl, error);
-        showDownloadError(filename);
-      });
-  }
-
-  // detect blob download by createElement("a")
-  function detectDownloadByCreateAnchor() {
-    const createEle = document.createElement;
-    document.createElement = (el) => {
-      if (el !== "a") return createEle.call(document, el);
-      const anchorEle = createEle.call(document, el);
-
-      // use addEventListener to avoid overriding the original click event.
-      anchorEle.addEventListener(
-        "click",
-        (e) => {
-          const url = anchorEle.href;
-          const filename = anchorEle.download || getFilenameFromUrl(url);
-          if (window.blobToUrlCaches.has(url)) {
-            e.preventDefault();
-            e.stopImmediatePropagation();
-            downloadFromBlobUrl(url, filename);
-            // case: download from dataURL -> convert dataURL ->
-          } else if (url.startsWith("data:")) {
-            e.preventDefault();
-            e.stopImmediatePropagation();
-            downloadFromDataUri(url, filename);
-          }
-        },
-        true,
-      );
-
-      return anchorEle;
-    };
+  // Trigger a native browser download via a transient anchor click. The Rust
+  // on_download handler then writes the file to the Downloads folder. This is
+  // used for blob:/data: URLs because routing their bytes through the Tauri
+  // IPC fails on strict-CSP sites (e.g. Gemini), whose connect-src blocks the
+  // IPC origin. The native download path is independent of the page CSP.
+  function triggerNativeDownload(url, filename) {
+    const anchor = document.createElement("a");
+    anchor.href = url;
+    anchor.download = filename || "";
+    anchor.style.display = "none";
+    document.body.appendChild(anchor);
+    anchor.click();
+    document.body.removeChild(anchor);
   }
 
   // process special download protocol['data:','blob:']
@@ -587,11 +488,16 @@ document.addEventListener("DOMContentLoaded", () => {
         return;
       }
 
-      // Process download links for Rust to handle.
-      if (
-        isDownloadRequired(absoluteUrl, anchorElement, e) &&
-        !isSpecialDownload(absoluteUrl)
-      ) {
+      // Process download links.
+      if (isDownloadRequired(absoluteUrl, anchorElement, e)) {
+        // Let the browser download blob:/data: URLs natively; the Rust
+        // on_download handler saves them to the Downloads folder. Routing them
+        // through the IPC fails on strict-CSP sites (e.g. Gemini), whose
+        // connect-src blocks the IPC origin, and on downloads triggered from a
+        // sandboxed iframe where the IPC can't be reached.
+        if (isSpecialDownload(absoluteUrl)) {
+          return;
+        }
         e.preventDefault();
         e.stopImmediatePropagation();
         const userLanguage = getUserLanguage();
@@ -625,9 +531,6 @@ document.addEventListener("DOMContentLoaded", () => {
   // Prevent some special websites from executing in advance, before the click event is triggered.
   document.addEventListener("click", detectAnchorElementClick, true);
 
-  collectUrlToBlobs();
-  detectDownloadByCreateAnchor();
-
   // Rewrite the window.open function.
   const originalWindowOpen = window.open;
   window.open = function (url, name, specs) {
@@ -863,12 +766,10 @@ document.addEventListener("DOMContentLoaded", () => {
     const filename = getFilenameFromUrl(imageUrl) || "image";
 
     // Handle different URL types
-    if (imageUrl.startsWith("data:")) {
-      downloadFromDataUri(imageUrl, filename);
-    } else if (imageUrl.startsWith("blob:")) {
-      if (window.blobToUrlCaches && window.blobToUrlCaches.has(imageUrl)) {
-        downloadFromBlobUrl(imageUrl, filename);
-      }
+    if (isSpecialDownload(imageUrl)) {
+      // Download blob:/data: natively so it works under strict CSP; the Rust
+      // on_download handler saves it to the Downloads folder.
+      triggerNativeDownload(imageUrl, filename);
     } else {
       // Regular HTTP(S) image
       const userLanguage = getUserLanguage();