Commit graph

15 commits

Author SHA1 Message Date
Milan Burda
b50f86ef43 refactor: use separate ipc-renderer-internal / ipc-main-internal APIs for Electron internals () 2018-10-07 00:48:00 +13:00
Milan Burda
5efb0fdff1 feat: add security warnings to sandboxed renderers ()
Also refactor not to use the remote module.
2018-10-03 21:36:12 +02:00
Samuel Attard
176a76217c
chore: have 'use strict' consistently across our lib files () 2018-09-23 00:28:50 +12:00
Samuel Attard
32a9df2940
refactor: clean up the default app implementation ()
* Disable nodeIntegration
* Enable contextIsolation
* Re-implement the CSP security check to handle running in
contextIsolation
* Disable bad DCHECKS for the promise helper
* Remove the unused "-d" flag for the electron binary
* Added a way to hide the default help output for electron devs who
don't want to see it every time
2018-09-21 15:24:42 +10:00
Samuel Attard
558fff69e7
chore: update to standard 12 2018-09-14 14:57:01 +10:00
Samuel Attard
1b7418fb7b
Revert "sec: deprecate some webPreference defaults to be secure-by-default ()" ()
This reverts commit 66d6ba8689.
2018-08-30 09:57:49 +12:00
Samuel Attard
66d6ba8689 sec: deprecate some webPreference defaults to be secure-by-default ()
* feat: deprecate default value of nodeIntegration

* Use DeprecationStatus::Stable as the default instead of shadowing

* change wording of deprecations

* chore: also deprecate kWebviewTag and kContextIsolation

* chore: do as we preach, lets be secure-by-default in the default app
2018-08-29 13:14:04 -05:00
Charles Kerr
29f07889e6
feat: add location url to "Node.js Integration with Remote Content" warning ()
* docs: fix typo

* feat: add location url to Node+Remote warning
2018-08-07 20:40:21 -05:00
Shelley Vohr
6045d1218a
refactor: remove experimentalCanvasFeatures property () 2018-07-16 13:32:42 -07:00
Shelley Vohr
322a303683
address changes from review 2018-05-23 15:57:58 -07:00
Shelley Vohr
5f5322c64e
rename blinkFeatures to enableBlinkFeatures 2018-05-23 14:01:34 -07:00
Felix Rieseberg
243ab45111 🔧 Fix security warning () 2018-03-16 06:21:38 +09:00
Charles Kerr
c2673aa970 Set appropriate defaults for webview options ()
* Persist defaults to webPreferences object to JS land can read the inferred values instead of just user defined values

* Test inherited default propogation

* Refactor to remove coupling from fetching values and defaults

* Test description type

* Fix up tests
2018-03-15 13:56:46 +09:00
Felix Rieseberg
71795ecc62 fix: Incorrect warnings in webviews ()
* 🔧 Get correct webContents

* 🔧 Err, webPreferences
2018-03-13 10:55:32 +09:00
Felix Rieseberg
d586ef2f39 feature: Hot security tips ()
* 🔧 Add security issue detection (and logs)

* 🔧 Check for it on load

* 👷 Add some tests

* 👷 Make the linter happy

* 🔧 Allow them to be enabled by force

* 📝 Make message slightly prettier

* 🔧 Fix a typo in the code comment

* 🔧 Classic mistake

* 🚀 Optimize things a bit more

* 👷 Add tests, fix tests

* 📝 Document things

* 🔧 Make linter happy

* 🔧 One more piece of cleanup
2018-02-03 07:50:12 -07:00