allowDisplayingInsecureContent is removed by Chrome
This commit is contained in:
parent
47c1bc9f66
commit
2e0780308c
13 changed files with 7 additions and 24 deletions
|
@ -238,10 +238,8 @@ It creates a new `BrowserWindow` with native properties as set by the `options`.
|
|||
* `javascript` Boolean (optional) - Enables JavaScript support. Default is `true`.
|
||||
* `webSecurity` Boolean (optional) - When `false`, it will disable the
|
||||
same-origin policy (usually using testing websites by people), and set
|
||||
`allowDisplayingInsecureContent` and `allowRunningInsecureContent` to
|
||||
`true` if these two options are not set by user. Default is `true`.
|
||||
* `allowDisplayingInsecureContent` Boolean (optional) - Allow an https page to display
|
||||
content like images from http URLs. Default is `false`.
|
||||
`allowRunningInsecureContent` to `true` if this options has not been set
|
||||
by user. Default is `true`.
|
||||
* `allowRunningInsecureContent` Boolean (optional) - Allow an https page to run
|
||||
JavaScript, CSS or plugins from http URLs. Default is `false`.
|
||||
* `images` Boolean (optional) - Enables image support. Default is `true`.
|
||||
|
|
|
@ -203,7 +203,7 @@ windows. Popups are disabled by default.
|
|||
### `webpreferences`
|
||||
|
||||
```html
|
||||
<webview src="https://github.com" webpreferences="allowDisplayingInsecureContent, javascript=no"></webview>
|
||||
<webview src="https://github.com" webpreferences="allowRunningInsecureContent, javascript=no"></webview>
|
||||
```
|
||||
|
||||
A list of strings which specifies the web preferences to be set on the webview, separated by `,`.
|
||||
|
|
|
@ -64,7 +64,6 @@ This is not bulletproof, but at the least, you should attempt the following:
|
|||
, and use restrictive rules (i.e. `script-src 'self'`)
|
||||
* [Override and disable `eval`](https://github.com/nylas/N1/blob/0abc5d5defcdb057120d726b271933425b75b415/static/index.js#L6-L8)
|
||||
, which allows strings to be executed as code.
|
||||
* Do not set `allowDisplayingInsecureContent` to true.
|
||||
* Do not set `allowRunningInsecureContent` to true.
|
||||
* Do not enable `experimentalFeatures` or `experimentalCanvasFeatures` unless
|
||||
you know what you're doing.
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue