From b5239754bafa9a3eb20cd1003ff11f33f7a1d9b5 Mon Sep 17 00:00:00 2001 From: Hari Juturu Date: Wed, 31 May 2017 23:01:14 -0700 Subject: [PATCH] Enable sandbox on webview --- atom/app/atom_main_delegate.cc | 3 --- atom/browser/web_contents_preferences.cc | 14 +++++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/atom/app/atom_main_delegate.cc b/atom/app/atom_main_delegate.cc index 1490b89013..7d29034be8 100644 --- a/atom/app/atom_main_delegate.cc +++ b/atom/app/atom_main_delegate.cc @@ -130,9 +130,6 @@ void AtomMainDelegate::PreSandboxStartup() { // Disable setuid sandbox since it is not longer required on linux(namespace // sandbox is available on most distros). command_line->AppendSwitch(::switches::kDisableSetuidSandbox); - } else { - // Disable renderer sandbox for most of node's functions. - command_line->AppendSwitch(::switches::kNoSandbox); } // Allow file:// URIs to read other file:// URIs by default. diff --git a/atom/browser/web_contents_preferences.cc b/atom/browser/web_contents_preferences.cc index 6c706199fb..ba3be9592d 100644 --- a/atom/browser/web_contents_preferences.cc +++ b/atom/browser/web_contents_preferences.cc @@ -108,11 +108,15 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches( command_line->AppendSwitchASCII(switches::kWebviewTag, webview_tag ? "true" : "false"); - // If the `sandbox` option was passed to the BrowserWindow's webPreferences, - // pass `--enable-sandbox` to the renderer so it won't have any node.js - // integration. - if (IsSandboxed(web_contents)) - command_line->AppendSwitch(switches::kEnableSandbox); + if (IsSandboxed(web_contents)) { + // pass `--enable-sandbox` to the renderer so it won't have any node.js + // integration. + command_line->AppendSwitch(switches::kEnableSandbox); + } + else { + // Disable renderer sandbox for most of node's functions. + command_line->AppendSwitch(::switches::kNoSandbox); + } if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b) command_line->AppendSwitch(switches::kNativeWindowOpen);