feat: warn when remote is used without enableRemoteModule: true (#21546)
* feat: warn when remote is used without enableRemoteModule: true * fix security warning
This commit is contained in:
parent
2f394d46c7
commit
2e1531ad90
4 changed files with 14 additions and 7 deletions
|
@ -321,7 +321,7 @@ const unwrapArgs = function (sender: electron.WebContents, frameId: number, cont
|
|||
|
||||
const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) {
|
||||
const webPreferences = (contents as any).getLastWebPreferences() || {}
|
||||
return !!webPreferences.enableRemoteModule
|
||||
return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true
|
||||
}
|
||||
|
||||
const isRemoteModuleEnabledCache = new WeakMap()
|
||||
|
|
|
@ -13,6 +13,15 @@ const remoteObjectCache = v8Util.createIDWeakMap()
|
|||
// An unique ID that can represent current context.
|
||||
const contextId = v8Util.getHiddenValue(global, 'contextId')
|
||||
|
||||
ipcRendererInternal.invoke('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES').then(preferences => {
|
||||
console.log(preferences)
|
||||
if (!preferences.enableRemoteModule) {
|
||||
console.warn('%cElectron Deprecation Warning', 'font-weight: bold', "The 'remote' module is deprecated and will be disabled by default in a future version of Electron. To ensure a smooth upgrade and silence this warning, specify {enableRemoteModule: true} in the WebPreferences for this window.")
|
||||
}
|
||||
}, (err) => {
|
||||
console.error('Failed to get web preferences:', err)
|
||||
})
|
||||
|
||||
// Notify the main process when current context is going to be released.
|
||||
// Note that when the renderer process is destroyed, the message may not be
|
||||
// sent, we also listen to the "render-view-deleted" event in the main process
|
||||
|
|
|
@ -268,7 +268,9 @@ const warnAboutAllowedPopups = function () {
|
|||
// Logs a warning message about the remote module
|
||||
|
||||
const warnAboutRemoteModuleWithRemoteContent = function (webPreferences?: Electron.WebPreferences) {
|
||||
if (!webPreferences || !webPreferences.enableRemoteModule || isLocalhost()) return
|
||||
if (!webPreferences || isLocalhost()) return
|
||||
const remoteModuleEnabled = webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true
|
||||
if (!remoteModuleEnabled) return
|
||||
|
||||
if (getIsRemoteProtocol()) {
|
||||
const warning = `This renderer process has "enableRemoteModule" enabled
|
||||
|
|
|
@ -174,10 +174,6 @@ WebContentsPreferences::~WebContentsPreferences() {
|
|||
}
|
||||
|
||||
void WebContentsPreferences::SetDefaults() {
|
||||
#if BUILDFLAG(ENABLE_REMOTE_MODULE)
|
||||
SetDefaultBoolIfUndefined(options::kEnableRemoteModule, true);
|
||||
#endif
|
||||
|
||||
if (IsEnabled(options::kSandbox)) {
|
||||
SetBool(options::kNativeWindowOpen, true);
|
||||
}
|
||||
|
@ -331,7 +327,7 @@ void WebContentsPreferences::AppendCommandLineSwitches(
|
|||
|
||||
#if BUILDFLAG(ENABLE_REMOTE_MODULE)
|
||||
// Whether to enable the remote module
|
||||
if (IsEnabled(options::kEnableRemoteModule))
|
||||
if (IsEnabled(options::kEnableRemoteModule, true))
|
||||
command_line->AppendSwitch(switches::kEnableRemoteModule);
|
||||
#endif
|
||||
|
||||
|
|
Loading…
Reference in a new issue