From 2e1531ad905c008f575a1333f0091e44702827f1 Mon Sep 17 00:00:00 2001 From: Jeremy Apthorp Date: Sun, 12 Jan 2020 22:23:03 -0800 Subject: [PATCH] feat: warn when remote is used without enableRemoteModule: true (#21546) * feat: warn when remote is used without enableRemoteModule: true * fix security warning --- lib/browser/remote/server.ts | 2 +- lib/renderer/api/remote.js | 9 +++++++++ lib/renderer/security-warnings.ts | 4 +++- shell/browser/web_contents_preferences.cc | 6 +----- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/lib/browser/remote/server.ts b/lib/browser/remote/server.ts index c790320eba73..ed29c8c836f7 100644 --- a/lib/browser/remote/server.ts +++ b/lib/browser/remote/server.ts @@ -321,7 +321,7 @@ const unwrapArgs = function (sender: electron.WebContents, frameId: number, cont const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) { const webPreferences = (contents as any).getLastWebPreferences() || {} - return !!webPreferences.enableRemoteModule + return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true } const isRemoteModuleEnabledCache = new WeakMap() diff --git a/lib/renderer/api/remote.js b/lib/renderer/api/remote.js index 618233e5c0d4..0482a7f3f673 100644 --- a/lib/renderer/api/remote.js +++ b/lib/renderer/api/remote.js @@ -13,6 +13,15 @@ const remoteObjectCache = v8Util.createIDWeakMap() // An unique ID that can represent current context. const contextId = v8Util.getHiddenValue(global, 'contextId') +ipcRendererInternal.invoke('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES').then(preferences => { + console.log(preferences) + if (!preferences.enableRemoteModule) { + console.warn('%cElectron Deprecation Warning', 'font-weight: bold', "The 'remote' module is deprecated and will be disabled by default in a future version of Electron. To ensure a smooth upgrade and silence this warning, specify {enableRemoteModule: true} in the WebPreferences for this window.") + } +}, (err) => { + console.error('Failed to get web preferences:', err) +}) + // Notify the main process when current context is going to be released. // Note that when the renderer process is destroyed, the message may not be // sent, we also listen to the "render-view-deleted" event in the main process diff --git a/lib/renderer/security-warnings.ts b/lib/renderer/security-warnings.ts index b917f8af3b55..0eee4ad7dbfc 100644 --- a/lib/renderer/security-warnings.ts +++ b/lib/renderer/security-warnings.ts @@ -268,7 +268,9 @@ const warnAboutAllowedPopups = function () { // Logs a warning message about the remote module const warnAboutRemoteModuleWithRemoteContent = function (webPreferences?: Electron.WebPreferences) { - if (!webPreferences || !webPreferences.enableRemoteModule || isLocalhost()) return + if (!webPreferences || isLocalhost()) return + const remoteModuleEnabled = webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true + if (!remoteModuleEnabled) return if (getIsRemoteProtocol()) { const warning = `This renderer process has "enableRemoteModule" enabled diff --git a/shell/browser/web_contents_preferences.cc b/shell/browser/web_contents_preferences.cc index 05e9bda244f6..7a6efae823fe 100644 --- a/shell/browser/web_contents_preferences.cc +++ b/shell/browser/web_contents_preferences.cc @@ -174,10 +174,6 @@ WebContentsPreferences::~WebContentsPreferences() { } void WebContentsPreferences::SetDefaults() { -#if BUILDFLAG(ENABLE_REMOTE_MODULE) - SetDefaultBoolIfUndefined(options::kEnableRemoteModule, true); -#endif - if (IsEnabled(options::kSandbox)) { SetBool(options::kNativeWindowOpen, true); } @@ -331,7 +327,7 @@ void WebContentsPreferences::AppendCommandLineSwitches( #if BUILDFLAG(ENABLE_REMOTE_MODULE) // Whether to enable the remote module - if (IsEnabled(options::kEnableRemoteModule)) + if (IsEnabled(options::kEnableRemoteModule, true)) command_line->AppendSwitch(switches::kEnableRemoteModule); #endif