* fix: disable remote host nodeIntegration warning for localhost
In warnAboutNodeWithRemoteContent(), add a check to see if the hostname
is "localhost" and prevent the warning message if it is.
* fix: disable loading insecure resources warning for localhost
In warnAboutInsecureResources(), filter out resources from localhost
since they are most likely not a threat.
* test: add tests for ignoring security warnings when using localhost
Add tests for ignoring warning messages for the following scenarios:
1. node integration with remote content from localhost
2. loading insecure resources from localhost
* test: fix insecure resource test
* test: pass nodeIntegration with remote test on did-finish-load
* test: maybe fix node integration test (error w/ conv circular struct)
* test: update test description
* test: use "load" event to check when nodeIntegration test has finished
Instead of relying on the "did-finish-load" event, which may result in
a race condition, add an "onload" handler that logs "loaded" to the
console. This will execute _after_ the nodeIntegration check, so it
can be safely used as a signal to indicate that the test is done.
* test: rename base-page-security-load-message.html
* fix: ignore enabled remote module warning for localhost
* refactor: add isLocalhost()
* refactor: bundle the browser and renderer process electron code
* Bundles browser/init and renderer/init
* Improves load performance of main process by ~40%
* Improves load performance of renderer process by ~30%
* Prevents users from importing our "requiring" our internal logic such
as ipc-main-internal. This makes those message buses safer as they are
less accessible, there is still some more work to be done though to lock
down those buses completely.
* The electron.asar file now only contains 2 files, as a future
improvement maybe we can use atom_natives to ship these two files
embedded in the binary
* This also removes our dependency on browserify which had some strange
edge cases that caused us to have to hack around require-order and
stopped us using certain ES6/7 features we should have been able to use
(async / await in some files in the sandboxed renderer init script)
TLDR: Things are faster and better :)
* fix: I really do not want to talk about it
* chore: add performance improvements from debugging
* fix: resolve the provided path so webpack thinks it is absolute
* chore: fixup per PR review
* fix: use webpacks ProvidePlugin to keep global, process and Buffer alive after deletion from global scope for use in internal code
* fix: bundle worker/init as well to make node-in-workers work
* chore: update wording as per feedback
* chore: make the timers hack work when yarn is not used
* refactor: Port security-warnings to TypeScript
* chore: make aliasify work on .ts files as well
* refactor: Implement feedback <3
* refactor: Correctly call executeJavaScript
2019-02-16 17:06:30 -08:00
Renamed from lib/renderer/security-warnings.js (Browse further)
