feat: warn when remote is used without enableRemoteModule: true (#21546)

* feat: warn when remote is used without enableRemoteModule: true

* fix security warning
This commit is contained in:
Jeremy Apthorp 2020-01-12 22:23:03 -08:00 committed by Cheng Zhao
parent 2f394d46c7
commit 2e1531ad90
4 changed files with 14 additions and 7 deletions

View file

@ -321,7 +321,7 @@ const unwrapArgs = function (sender: electron.WebContents, frameId: number, cont
const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) { const isRemoteModuleEnabledImpl = function (contents: electron.WebContents) {
const webPreferences = (contents as any).getLastWebPreferences() || {} const webPreferences = (contents as any).getLastWebPreferences() || {}
return !!webPreferences.enableRemoteModule return webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true
} }
const isRemoteModuleEnabledCache = new WeakMap() const isRemoteModuleEnabledCache = new WeakMap()

View file

@ -13,6 +13,15 @@ const remoteObjectCache = v8Util.createIDWeakMap()
// An unique ID that can represent current context. // An unique ID that can represent current context.
const contextId = v8Util.getHiddenValue(global, 'contextId') const contextId = v8Util.getHiddenValue(global, 'contextId')
ipcRendererInternal.invoke('ELECTRON_BROWSER_GET_LAST_WEB_PREFERENCES').then(preferences => {
console.log(preferences)
if (!preferences.enableRemoteModule) {
console.warn('%cElectron Deprecation Warning', 'font-weight: bold', "The 'remote' module is deprecated and will be disabled by default in a future version of Electron. To ensure a smooth upgrade and silence this warning, specify {enableRemoteModule: true} in the WebPreferences for this window.")
}
}, (err) => {
console.error('Failed to get web preferences:', err)
})
// Notify the main process when current context is going to be released. // Notify the main process when current context is going to be released.
// Note that when the renderer process is destroyed, the message may not be // Note that when the renderer process is destroyed, the message may not be
// sent, we also listen to the "render-view-deleted" event in the main process // sent, we also listen to the "render-view-deleted" event in the main process

View file

@ -268,7 +268,9 @@ const warnAboutAllowedPopups = function () {
// Logs a warning message about the remote module // Logs a warning message about the remote module
const warnAboutRemoteModuleWithRemoteContent = function (webPreferences?: Electron.WebPreferences) { const warnAboutRemoteModuleWithRemoteContent = function (webPreferences?: Electron.WebPreferences) {
if (!webPreferences || !webPreferences.enableRemoteModule || isLocalhost()) return if (!webPreferences || isLocalhost()) return
const remoteModuleEnabled = webPreferences.enableRemoteModule != null ? !!webPreferences.enableRemoteModule : true
if (!remoteModuleEnabled) return
if (getIsRemoteProtocol()) { if (getIsRemoteProtocol()) {
const warning = `This renderer process has "enableRemoteModule" enabled const warning = `This renderer process has "enableRemoteModule" enabled

View file

@ -174,10 +174,6 @@ WebContentsPreferences::~WebContentsPreferences() {
} }
void WebContentsPreferences::SetDefaults() { void WebContentsPreferences::SetDefaults() {
#if BUILDFLAG(ENABLE_REMOTE_MODULE)
SetDefaultBoolIfUndefined(options::kEnableRemoteModule, true);
#endif
if (IsEnabled(options::kSandbox)) { if (IsEnabled(options::kSandbox)) {
SetBool(options::kNativeWindowOpen, true); SetBool(options::kNativeWindowOpen, true);
} }
@ -331,7 +327,7 @@ void WebContentsPreferences::AppendCommandLineSwitches(
#if BUILDFLAG(ENABLE_REMOTE_MODULE) #if BUILDFLAG(ENABLE_REMOTE_MODULE)
// Whether to enable the remote module // Whether to enable the remote module
if (IsEnabled(options::kEnableRemoteModule)) if (IsEnabled(options::kEnableRemoteModule, true))
command_line->AppendSwitch(switches::kEnableRemoteModule); command_line->AppendSwitch(switches::kEnableRemoteModule);
#endif #endif