feat: move webFrame scheme privilege methods to main process (#16416)

* chore: deprecate webFrame.registerURLSchemeAsPrivileged * Add register schemes protocol api * update branch to enable browser process API * Revert deprecation changes * Fetch API support * Updated api to take an array, still working on tests * Update tests * Remove web frame API * Minor changes * update scheme registrations on browser and renderer process * fix: enable ses.getBlobData spec * Update breaking changes doc
2019-01-28 23:11:01 -08:00 · 2019-01-28 23:11:01 -08:00 · 940c4c0787
commit 940c4c0787
parent 257de6a963
19 changed files with 319 additions and 319 deletions
--- a/docs/api/breaking-changes.md
+++ b/docs/api/breaking-changes.md
@ -57,6 +57,11 @@ The following `webPreferences` option default values are deprecated in favor of

 Child windows opened with the `nativeWindowOpen` option will always have Node.js integration disabled.

+## Privileged Schemes Registration
+
+Renderer process APIs `webFrame.setRegisterURLSchemeAsPrivileged` and `webFrame.registerURLSchemeAsBypassingCSP` as well as browser process API `protocol.registerStandardSchemes` have been removed.
+A new API, `protocol.registerSchemesAsPrivileged` has been added and should be used for registering custom schemes with the required privileges. Custom schemes are required to be registered before app ready.
+
 # Planned Breaking API Changes (4.0)

 The following list includes the breaking API changes planned for Electron 4.0.
--- a/docs/api/protocol.md
+++ b/docs/api/protocol.md
@ -28,12 +28,26 @@ of the `app` module gets emitted.

 The `protocol` module has the following methods:

-### `protocol.registerStandardSchemes(schemes[, options])`
+### `protocol.registerSchemesAsPrivileged(schemes[, options])`

-* `schemes` String[] - Custom schemes to be registered as standard schemes.
-* `options` Object (optional)
-  * `secure` Boolean (optional) - `true` to register the scheme as secure.
-    Default `false`.
+* `custom_schemes` [CustomScheme[]](structures/custom-scheme.md)
+
+
+**Note:** This method can only be used before the `ready` event of the `app`
+module gets emitted and can be called only once.
+
+Registers the `scheme` as standard, secure, bypasses content security policy for resources,
+allows registering ServiceWorker and supports fetch API.
+
+Specify an option with the value of `true` to enable the capability.
+An example of registering a privileged scheme, with bypassing Content Security Policy:
+
+```javascript
+const { protocol } = require('electron')
+protocol.registerSchemesAsPrivileged([
+  { scheme: 'foo', options: { bypassCSP: true } }
+])
+```

 A standard scheme adheres to what RFC 3986 calls [generic URI
 syntax](https://tools.ietf.org/html/rfc3986#section-3). For example `http` and
@ -59,23 +73,7 @@ error for the scheme.

 By default web storage apis (localStorage, sessionStorage, webSQL, indexedDB, cookies)
 are disabled for non standard schemes. So in general if you want to register a
-custom protocol to replace the `http` protocol, you have to register it as a standard scheme:
-
-```javascript
-const { app, protocol } = require('electron')
-
-protocol.registerStandardSchemes(['atom'])
-app.on('ready', () => {
-  protocol.registerHttpProtocol('atom', '...')
-})
-```
-
-**Note:** This method can only be used before the `ready` event of the `app`
-module gets emitted.
-
-### `protocol.registerServiceWorkerSchemes(schemes)`
-
-* `schemes` String[] - Custom schemes to be registered to handle service workers.
+custom protocol to replace the `http` protocol, you have to register it as a standard scheme.

 ### `protocol.registerFileProtocol(scheme, handler[, completion])`

--- a/docs/api/structures/custom-scheme.md
+++ b/docs/api/structures/custom-scheme.md
@ -0,0 +1,10 @@
+# CustomScheme Object
+
+* `scheme` String - Custom schemes to be registered with options.
+* `options` Object (optional)
+  * `standard` Boolean (optional) - Default false.
+  * `secure` Boolean (optional) - Default false.
+  * `bypassCSP` Boolean (optional) - Default false.
+  * `allowServiceWorkers` Boolean (optional) - Default false.
+  * `supportFetchAPI` Boolean (optional) - Default false.
+  * `corsEnabled` Boolean (optional) - Default false.
--- a/docs/api/web-frame.md
+++ b/docs/api/web-frame.md
@ -95,34 +95,6 @@ webFrame.setSpellCheckProvider('en-US', {
 })
 ```

-### `webFrame.registerURLSchemeAsBypassingCSP(scheme)`
-
-* `scheme` String
-
-Resources will be loaded from this `scheme` regardless of the current page's
-Content Security Policy.
-
-### `webFrame.registerURLSchemeAsPrivileged(scheme[, options])`
-
-* `scheme` String
-* `options` Object (optional)
-  * `secure` Boolean (optional) - Default true.
-  * `bypassCSP` Boolean (optional) - Default true.
-  * `allowServiceWorkers` Boolean (optional) - Default true.
-  * `supportFetchAPI` Boolean (optional) - Default true.
-  * `corsEnabled` Boolean (optional) - Default true.
-
-Registers the `scheme` as secure, bypasses content security policy for resources,
-allows registering ServiceWorker and supports fetch API.
-
-Specify an option with the value of `false` to omit it from the registration.
-An example of registering a privileged scheme, without bypassing Content Security Policy:
-
-```javascript
-const { webFrame } = require('electron')
-webFrame.registerURLSchemeAsPrivileged('foo', { bypassCSP: false })
-```
-
 ### `webFrame.insertText(text)`

 * `text` String