reference: Note: It is known that having both Content-Security-Policy
and X-Content-Security-Policy or X-Webkit-CSP causes unexpected
behaviours on certain versions of browsers. Please avoid using deprecated
X-* headers. https://content-security-policy.com/
also:
1ad18486ed
* feat: redirect Electron/Chromium cache location
* fix: network services should also use browserData
* test: browserData
* chore: no need to explicitly create dir
* feat: browserData => sessionData
* test: check existings of specific items
* docs: add background on userData and sessionData
Co-authored-by: emmanuel.kimmerlin@thomsonreuters.com <emmanuel.kimmerlin@thomsonreuters.com>
* chore: bump chromium in DEPS to 102.0.4999.0
* 3576640: Set OOM handler during V8 initialization
3576640
* 3574964: Remove deprecated base::Value usage in print_settings_conversion code.
3574964
* 3570062: Replicate Active state to render process for all RenderViews.
3570062
* chore: fixup patch indices
* 3380402: Remove legacy SwiftShader
3380402
* 3570254: [Local Fonts] Rename permission name from FONT_ACCESS to LOCAL_FONTS.
3570254
* 3572172: Rename or remove several parameters involved in creation of MimeHandler streams
3572172
* fix: add missing base/bits include
* chore: fix lint
* chore: remove ia32 Linux support
* chore: patch out swift-format cipd dep on macOS
* build: apply patch better
* build: reset all caches
* build: update zip manifests to remove swiftshared libraries
Refs: 3380402
* Revert "build: update zip manifests to remove swiftshared libraries"
This reverts commit 6aeec01ef1a79425a7b7d8c1cfb131a26b91c494.
* Revert "3380402: Remove legacy SwiftShader"
This reverts commit 4c7eebbbf2d0a459cc192959e17ae20f970c2da2.
* build: remove unused swiftshader egl libraries
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Samuel Attard <sattard@salesforce.com>
We already document such info for other APIs, like the 'screen' API in
f711fe6b57/docs/api/screen.md (L7-L8).
So we should do the same thing for these ones too.
Signed-off-by: Darshan Sen <raisinten@gmail.com>
* Switch to gender neutral terms
* Update docs/api/web-contents.md
Co-authored-by: Milan Burda <milan.burda@gmail.com>
* Update docs/api/webview-tag.md
Co-authored-by: Milan Burda <milan.burda@gmail.com>
* Update script/release/uploaders/upload.py
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
* Update docs/tutorial/in-app-purchases.md
Co-authored-by: Milan Burda <milan.burda@gmail.com>
Co-authored-by: inclusive-coding-bot <inclusive-coding-bot@github.com>
Co-authored-by: Milan Burda <milan.burda@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@github.com>
Rule 13 recommends using Node's URL parser for handling url inputs. At
the moment, this is not being followed in the code example for rule 5,
which falls back on checking that the url ends with a '/'. If this was
forgotten when a user copies this code it could introduce security
vulnerabilities if an attacker uses an URL in the following way:
"https://example.com.attacker.com"
Using Node's URL parser fixes this potential missuse and enables the
'/' to be omited from the code example.
Co-authored-by: Baitinq <you@example.com>
