* docs: First draft of perf checklist
* docs: More words
* docs: Use standard in code example
* docs: fix broken link
* Update docs/tutorial/performance.md
Co-Authored-By: Charles Kerr <ckerr@github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: Charles Kerr <ckerr@github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: loc <andy@slack-corp.com>
* Update docs/tutorial/performance.md
Co-Authored-By: loc <andy@slack-corp.com>
* docs: Implement suggestions
* docs: Include VSCode talk
* chore: Pass linter
* Update docs/tutorial/performance.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/performance.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Apply suggestions from code review
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update performance.md
* fix: The process link
Versions didn't show and I was getting errors in the Developer Tools: `Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"`. The cause is probably that Chrome has implemented extra security since this tutorial was created. Added 'unsafe-inline' and it works.
* docs: Add recent Electron version to security checklist
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/tutorial/security.md
Co-Authored-By: Pedro Pontes <pepontes@microsoft.com>
* Update docs/tutorial/security.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
I've asked #19775 because I was frustrated with how hard it was to find a way to fix (instead of hide) the CSP warning in Electron and I complained that even the official quick start guide wasn't compliant with the security checklist at https://electronjs.org/docs/tutorial/security. Someone helped me out with a CSP meta tag which I have later noticed is indeed mentioned in the checklist, too: https://electronjs.org/docs/tutorial/security#csp-meta-tag. I have not used the checklist one verbatim because it prevents a `script` tag from working when serving `index.html` through the `file:` protocol as the quick start does. I instead used the one the person in my issue recommended which seems to work well to me. I am not that well versed in CSP so there might be a better policy to include with the quick start, but this is what I've got for now.
4d8a055 (#19226) introduced incorrect instructions for 'opting out' of dark mode in Electron 7.0.0 and for enabling it on older versions. The boolean values for the `NSRequiresAquaSystemAppearance` key were inverted.
This adds the NSRequiresAquaSystemAppearance key to our default Info.plist file which will tell macOS to auto-switch our effectiveAppearance in sync with the OS. The dark mode documentation has been updated to reflect how to opt *out* of this but it is also noted that certain dark mode APIs will not work on Catalina if you opt out.
The `flatten` option has been removed from electron-windows-store dcc654df2e so running the command would produce an error:
> error: unknwon option --flatten
* docs: Update Guides & Tutorials section
* docs: Update the list of docs
* Update docs/README.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/README.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/README.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* Update docs/README.md
Co-Authored-By: Mark Lee <malept@users.noreply.github.com>
* docs: Implement feedback
* Update mojave-dark-mode-guide.md
Add info about dark mode support in electron-builder
* Update mojave-dark-mode-guide.md
* Update mojave-dark-mode-guide.md
* build: [m67] enable widevine support
* fix: remove plugin cache reset hack
It was added in (#8907) to make widevine cdm shows up in
navigator.plugins, since widevine support is no longer
enabled by a plugin it can be removed safely.
* feat: allow all nonbreaking changes during beta
Changes the version policy: currently only nonbreaking bug/security
fixes are allowed during beta. This change would allow all nonbreaking
changes, e.g. new features, during beta.
* refactor: clarify criteria for changes during beta
* Update electron-versioning.md
* docs: chrome-command-line-switches.md: update proxy-server support
Per issue #12443, the proxy URL in proxy-server switch would not
support username and password authentication.
* docs: security.md: correct checklist #14 markdown
When running "npm run lint:docs" script, linting warning suggests
"Broken links: #13-disable-or-limit-creation-of-new-windows". Update
accordingly to #14.
The `url` module is not a constructor; change `require('url')` to
`require('url').URL`. Also, check the entire origin rather than just
the hostname, since otherwise `http://my-own-server.com` is allowed in
addition to `https://my-own-server.com`, in violation of point 1 (only
load secure content).
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
