feat: remove BrowserWindow option inheritance (#28550)

lib/browser/guest-window-manager.ts

@@ -198,39 +198,37 @@ const securityWebPreferences: { [key: string]: boolean } = {
   enableWebSQL: false
 };
 
-function makeBrowserWindowOptions ({ embedder, features, overrideOptions, useDeprecatedBehaviorForOptionInheritance = true }: {
+function makeBrowserWindowOptions ({ embedder, features, overrideOptions }: {
   embedder: WebContents,
   features: string,
   overrideOptions?: BrowserWindowConstructorOptions,
-  useDeprecatedBehaviorForOptionInheritance?: boolean
 }) {
   const { options: parsedOptions, webPreferences: parsedWebPreferences } = parseFeatures(features);
 
-  const deprecatedInheritedOptions = getDeprecatedInheritedOptions(embedder);
-
   return {
     options: {
-      ...(useDeprecatedBehaviorForOptionInheritance && deprecatedInheritedOptions),
       show: true,
       width: 800,
       height: 600,
       ...parsedOptions,
       ...overrideOptions,
-      webPreferences: makeWebPreferences({ embedder, insecureParsedWebPreferences: parsedWebPreferences, secureOverrideWebPreferences: overrideOptions && overrideOptions.webPreferences, useDeprecatedBehaviorForOptionInheritance: true })
+      webPreferences: makeWebPreferences({
+        embedder,
+        insecureParsedWebPreferences: parsedWebPreferences,
+        secureOverrideWebPreferences: overrideOptions && overrideOptions.webPreferences
+      })
     } as Electron.BrowserViewConstructorOptions
   };
 }
 
-export function makeWebPreferences ({ embedder, secureOverrideWebPreferences = {}, insecureParsedWebPreferences: parsedWebPreferences = {}, useDeprecatedBehaviorForOptionInheritance = true }: {
+export function makeWebPreferences ({ embedder, secureOverrideWebPreferences = {}, insecureParsedWebPreferences: parsedWebPreferences = {} }: {
   embedder: WebContents,
   insecureParsedWebPreferences?: ReturnType<typeof parseFeatures>['webPreferences'],
   // Note that override preferences are considered elevated, and should only be
   // sourced from the main process, as they override security defaults. If you
   // have unvetted prefs, use parsedWebPreferences.
   secureOverrideWebPreferences?: BrowserWindowConstructorOptions['webPreferences'],
-  useDeprecatedBehaviorForOptionInheritance?: boolean
 }) {
-  const deprecatedInheritedOptions = getDeprecatedInheritedOptions(embedder);
   const parentWebPreferences = embedder.getLastWebPreferences();
   const securityWebPreferencesFromParent = (Object.keys(securityWebPreferences).reduce((map, key) => {
     if (securityWebPreferences[key] === parentWebPreferences[key as keyof Electron.WebPreferences]) {
@@ -241,7 +239,6 @@ export function makeWebPreferences ({ embedder, secureOverrideWebPreferences = {
   const openerId = parentWebPreferences.nativeWindowOpen ? null : embedder.id;
 
   return {
-    ...(useDeprecatedBehaviorForOptionInheritance && deprecatedInheritedOptions ? deprecatedInheritedOptions.webPreferences : null),
     ...parsedWebPreferences,
     // Note that order is key here, we want to disallow the renderer's
     // ability to change important security options but allow main (via
@@ -254,25 +251,6 @@ export function makeWebPreferences ({ embedder, secureOverrideWebPreferences = {
   };
 }
 
-/**
- * Current Electron behavior is to inherit all options from the parent window.
- * In practical use, this is kind of annoying because consumers have to know
- * about the parent window's preferences in order to unset them and makes child
- * windows even more of an anomaly. In 11.0.0 we will remove this behavior and
- * only critical security preferences will be inherited by default.
- */
-function getDeprecatedInheritedOptions (embedder: WebContents) {
-  if (!embedder.browserWindowOptions) {
-    // If it's a webview, return just the webPreferences.
-    return {
-      webPreferences: embedder.getLastWebPreferences()
-    };
-  }
-
-  const { type, show, ...inheritableOptions } = embedder.browserWindowOptions;
-  return inheritableOptions;
-}
-
 function formatPostDataHeaders (postData: PostData) {
   if (!postData) return;
 

lib/browser/guest-window-proxy.ts

@@ -135,7 +135,7 @@ handleMessage(
 
     if (!windowMethods.has(method)) {
       console.error(
-        `Blocked ${event.sender.getURL()} from calling method: ${method}`
+        `Blocked ${event.senderFrame.url} from calling method: ${method}`
       );
       throw new Error(`Invalid method: ${method}`);
     }

lib/renderer/window-setup.ts

@@ -270,7 +270,24 @@ export const windowSetup = (
     if (contextIsolationEnabled) internalContextBridge.overrideGlobalValueWithDynamicPropsFromIsolatedWorld(['open'], window.open);
   }
 
-  if (openerId != null) {
+  // If this window uses nativeWindowOpen, but its opener window does not, we
+  // need to proxy window.opener in order to let the page communicate with its
+  // opener.
+  // Additionally, windows opened from a nativeWindowOpen child of a
+  // non-nativeWindowOpen parent will initially have their WebPreferences
+  // copied from their opener before having them updated, meaning openerId is
+  // initially incorrect. We detect this situation by checking for
+  // window.opener, which will be non-null for a natively-opened child, so we
+  // can ignore the openerId in that case, since it's incorrectly copied from
+  // the parent. This is, uh, confusing, so here's a diagram that will maybe
+  // help?
+  //
+  // [ grandparent window ] --> [ parent window ] --> [ child window ]
+  //     n.W.O = false             n.W.O = true         n.W.O = true
+  //        id = 1                    id = 2               id = 3
+  //  openerId = null           openerId = 1         openerId = 1  <- !!wrong!!
+  //    opener = null             opener = null        opener = [parent window]
+  if (openerId != null && !window.opener) {
     window.opener = getOrCreateProxy(openerId);
     if (contextIsolationEnabled) internalContextBridge.overrideGlobalValueWithDynamicPropsFromIsolatedWorld(['opener'], window.opener);
   }