allowDisplayingInsecureContent is removed by Chrome

This commit is contained in:
Cheng Zhao 2017-01-24 14:42:02 +09:00 committed by Kevin Sawicki
parent 47c1bc9f66
commit 2e0780308c
13 changed files with 7 additions and 24 deletions

View file

@ -238,10 +238,8 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
* `javascript` Boolean (optional) - Enables JavaScript support. Default is `true`.
* `webSecurity` Boolean (optional) - When `false`, it will disable the
same-origin policy (usually using testing websites by people), and set
`allowDisplayingInsecureContent` and `allowRunningInsecureContent` to
`true` if these two options are not set by user. Default is `true`.
* `allowDisplayingInsecureContent` Boolean (optional) - Allow an https page to display
content like images from http URLs. Default is `false`.
`allowRunningInsecureContent` to `true` if this options has not been set
by user. Default is `true`.
* `allowRunningInsecureContent` Boolean (optional) - Allow an https page to run
JavaScript, CSS or plugins from http URLs. Default is `false`.
* `images` Boolean (optional) - Enables image support. Default is `true`.

View file

@ -203,7 +203,7 @@ windows. Popups are disabled by default.
### `webpreferences`
```html
<webview src="https://github.com" webpreferences="allowDisplayingInsecureContent, javascript=no"></webview>
<webview src="https://github.com" webpreferences="allowRunningInsecureContent, javascript=no"></webview>
```
A list of strings which specifies the web preferences to be set on the webview, separated by `,`.

View file

@ -64,7 +64,6 @@ This is not bulletproof, but at the least, you should attempt the following:
, and use restrictive rules (i.e. `script-src 'self'`)
* [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8)
, which allows strings to be executed as code.
* Do not set `allowDisplayingInsecureContent` to true.
* Do not set `allowRunningInsecureContent` to true.
* Do not enable `experimentalFeatures` or `experimentalCanvasFeatures` unless
you know what you're doing.