Security warning in the console of BrowserWindow (electron ^9.2.0)

webFrame.executeJavaScript and contextIsolation

Add the following setting to your BrowserWindow in main.js

webPreferences { worldSafeExecuteJavaScript: true, contextIsolation: true }

For reference, see:

  • https://www.electronjs.org/docs/api/browser-window#class-browserwindow

Insecure Content-Security-Policy

Add the following to the head of your index.html and any other html pages if you are loading locally

<meta http-equiv="Content-Security-Policy" content="script-src 'self'">

For reference, see:

  • https://www.electronjs.org/docs/tutorial/security#6-define-a-content-security-policy
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

First add a CSP policy, like this one:

    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">

This may break some scripts, but it's better to do this. Also you can enable unsafe-inline

  1. See electron's security recommendations

Tags:

Javascript

Electron

Related

Raku: effect of capture markers is lost "higher up" Why can I call a function from another file (with warning) but cannot use a variable from another file without declaring it? How can I generate sorted uniformly distributed random numbers efficiently in C++? How to get the length of all non-nested items in nested arrays? How to fix error- nodemon.ps1 cannot be loaded because running scripts is disabled on this system, (without security risk)? Why was std::ranges::less introduced? Do modules prevent the need to use the DOMContentLoaded listener? CSS Slide Animation on Fullscreen Images Why does division by 3 require a rightshift (and other oddities) on x86? GO - Docker ask certificate on K8S container Angular tree shaking not stripping dev code, what things should I look for? 405 Method Not Allowed when deploying artifact to Nexus

Recent Posts