feat: move webFrame scheme privilege methods to main process (#16416)
* chore: deprecate webFrame.registerURLSchemeAsPrivileged * Add register schemes protocol api * update branch to enable browser process API * Revert deprecation changes * Fetch API support * Updated api to take an array, still working on tests * Update tests * Remove web frame API * Minor changes * update scheme registrations on browser and renderer process * fix: enable ses.getBlobData spec * Update breaking changes doc
This commit is contained in:
parent
257de6a963
commit
940c4c0787
19 changed files with 319 additions and 319 deletions
|
@ -57,6 +57,11 @@ The following `webPreferences` option default values are deprecated in favor of
|
|||
|
||||
Child windows opened with the `nativeWindowOpen` option will always have Node.js integration disabled.
|
||||
|
||||
## Privileged Schemes Registration
|
||||
|
||||
Renderer process APIs `webFrame.setRegisterURLSchemeAsPrivileged` and `webFrame.registerURLSchemeAsBypassingCSP` as well as browser process API `protocol.registerStandardSchemes` have been removed.
|
||||
A new API, `protocol.registerSchemesAsPrivileged` has been added and should be used for registering custom schemes with the required privileges. Custom schemes are required to be registered before app ready.
|
||||
|
||||
# Planned Breaking API Changes (4.0)
|
||||
|
||||
The following list includes the breaking API changes planned for Electron 4.0.
|
||||
|
|
|
@ -28,12 +28,26 @@ of the `app` module gets emitted.
|
|||
|
||||
The `protocol` module has the following methods:
|
||||
|
||||
### `protocol.registerStandardSchemes(schemes[, options])`
|
||||
### `protocol.registerSchemesAsPrivileged(schemes[, options])`
|
||||
|
||||
* `schemes` String[] - Custom schemes to be registered as standard schemes.
|
||||
* `options` Object (optional)
|
||||
* `secure` Boolean (optional) - `true` to register the scheme as secure.
|
||||
Default `false`.
|
||||
* `custom_schemes` [CustomScheme[]](structures/custom-scheme.md)
|
||||
|
||||
|
||||
**Note:** This method can only be used before the `ready` event of the `app`
|
||||
module gets emitted and can be called only once.
|
||||
|
||||
Registers the `scheme` as standard, secure, bypasses content security policy for resources,
|
||||
allows registering ServiceWorker and supports fetch API.
|
||||
|
||||
Specify an option with the value of `true` to enable the capability.
|
||||
An example of registering a privileged scheme, with bypassing Content Security Policy:
|
||||
|
||||
```javascript
|
||||
const { protocol } = require('electron')
|
||||
protocol.registerSchemesAsPrivileged([
|
||||
{ scheme: 'foo', options: { bypassCSP: true } }
|
||||
])
|
||||
```
|
||||
|
||||
A standard scheme adheres to what RFC 3986 calls [generic URI
|
||||
syntax](https://tools.ietf.org/html/rfc3986#section-3). For example `http` and
|
||||
|
@ -59,23 +73,7 @@ error for the scheme.
|
|||
|
||||
By default web storage apis (localStorage, sessionStorage, webSQL, indexedDB, cookies)
|
||||
are disabled for non standard schemes. So in general if you want to register a
|
||||
custom protocol to replace the `http` protocol, you have to register it as a standard scheme:
|
||||
|
||||
```javascript
|
||||
const { app, protocol } = require('electron')
|
||||
|
||||
protocol.registerStandardSchemes(['atom'])
|
||||
app.on('ready', () => {
|
||||
protocol.registerHttpProtocol('atom', '...')
|
||||
})
|
||||
```
|
||||
|
||||
**Note:** This method can only be used before the `ready` event of the `app`
|
||||
module gets emitted.
|
||||
|
||||
### `protocol.registerServiceWorkerSchemes(schemes)`
|
||||
|
||||
* `schemes` String[] - Custom schemes to be registered to handle service workers.
|
||||
custom protocol to replace the `http` protocol, you have to register it as a standard scheme.
|
||||
|
||||
### `protocol.registerFileProtocol(scheme, handler[, completion])`
|
||||
|
||||
|
|
10
docs/api/structures/custom-scheme.md
Normal file
10
docs/api/structures/custom-scheme.md
Normal file
|
@ -0,0 +1,10 @@
|
|||
# CustomScheme Object
|
||||
|
||||
* `scheme` String - Custom schemes to be registered with options.
|
||||
* `options` Object (optional)
|
||||
* `standard` Boolean (optional) - Default false.
|
||||
* `secure` Boolean (optional) - Default false.
|
||||
* `bypassCSP` Boolean (optional) - Default false.
|
||||
* `allowServiceWorkers` Boolean (optional) - Default false.
|
||||
* `supportFetchAPI` Boolean (optional) - Default false.
|
||||
* `corsEnabled` Boolean (optional) - Default false.
|
|
@ -95,34 +95,6 @@ webFrame.setSpellCheckProvider('en-US', {
|
|||
})
|
||||
```
|
||||
|
||||
### `webFrame.registerURLSchemeAsBypassingCSP(scheme)`
|
||||
|
||||
* `scheme` String
|
||||
|
||||
Resources will be loaded from this `scheme` regardless of the current page's
|
||||
Content Security Policy.
|
||||
|
||||
### `webFrame.registerURLSchemeAsPrivileged(scheme[, options])`
|
||||
|
||||
* `scheme` String
|
||||
* `options` Object (optional)
|
||||
* `secure` Boolean (optional) - Default true.
|
||||
* `bypassCSP` Boolean (optional) - Default true.
|
||||
* `allowServiceWorkers` Boolean (optional) - Default true.
|
||||
* `supportFetchAPI` Boolean (optional) - Default true.
|
||||
* `corsEnabled` Boolean (optional) - Default true.
|
||||
|
||||
Registers the `scheme` as secure, bypasses content security policy for resources,
|
||||
allows registering ServiceWorker and supports fetch API.
|
||||
|
||||
Specify an option with the value of `false` to omit it from the registration.
|
||||
An example of registering a privileged scheme, without bypassing Content Security Policy:
|
||||
|
||||
```javascript
|
||||
const { webFrame } = require('electron')
|
||||
webFrame.registerURLSchemeAsPrivileged('foo', { bypassCSP: false })
|
||||
```
|
||||
|
||||
### `webFrame.insertText(text)`
|
||||
|
||||
* `text` String
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue