fix: allow accessing file:// when web security is disabled (#28489)

* fix: allow accessing file:// when web security is disabled * test: fix webview tests on web security * chore: remove unused attributes * chore: cleanup RegisterURLLoaderFactories method
2021-04-07 10:46:23 +09:00 · 2021-04-07 10:46:23 +09:00 · e454bded3c
commit e454bded3c
parent fe0da255b6
5 changed files with 100 additions and 54 deletions
--- a/spec-main/chromium-spec.ts
+++ b/spec-main/chromium-spec.ts
@ -287,6 +287,39 @@ describe('web security', () => {
    expect(response).to.equal('passed');
  });

+  describe('accessing file://', () => {
+    async function loadFile (w: BrowserWindow) {
+      const thisFile = url.format({
+        pathname: __filename.replace(/\\/g, '/'),
+        protocol: 'file',
+        slashes: true
+      });
+      await w.loadURL(`data:text/html,<script>
+          function loadFile() {
+            return new Promise((resolve) => {
+              fetch('${thisFile}').then(
+                () => resolve('loaded'),
+                () => resolve('failed')
+              )
+            });
+          }
+        </script>`);
+      return await w.webContents.executeJavaScript('loadFile()');
+    }
+
+    it('is forbidden when web security is enabled', async () => {
+      const w = new BrowserWindow({ show: false, webPreferences: { webSecurity: true } });
+      const result = await loadFile(w);
+      expect(result).to.equal('failed');
+    });
+
+    it('is allowed when web security is disabled', async () => {
+      const w = new BrowserWindow({ show: false, webPreferences: { webSecurity: false } });
+      const result = await loadFile(w);
+      expect(result).to.equal('loaded');
+    });
+  });
+
  it('does not crash when multiple WebContent are created with web security disabled', () => {
    const options = { show: false, webPreferences: { webSecurity: false } };
    const w1 = new BrowserWindow(options);