Security warning in the console of BrowserWindow (electron ^9.2.0)

webFrame.executeJavaScript and contextIsolation

Add the following setting to your BrowserWindow in main.js:

    webPreferences: { worldSafeExecuteJavaScript: true, contextIsolation: true }

For reference, see:

  • https://www.electronjs.org/docs/api/browser-window#class-browserwindow

Insecure Content-Security-Policy

Add the following to the head of your index.html and any other HTML pages if you are loading locally:

    <meta http-equiv="Content-Security-Policy" content="script-src 'self'">

For reference, see:

  • https://www.electronjs.org/docs/tutorial/security#6-define-a-content-security-policy
  • https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

First add a CSP policy, like this one:

    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">

This may break some scripts, but it's better to do this. Also, you can enable unsafe-inline.

  1. See Electron's security recommendations
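Added example, not part of the answers above: a Node.js check that reads the CSP `<meta>` tag from a local HTML page and reports whether script loading is actually restricted, covering both policies shown on this page. The function names, finding labels and sample pages are constructed for illustration; the check flags a missing policy, `'unsafe-eval'` (the condition Electron's warning names), and `'unsafe-inline'`, which re-allows the inline scripts a `script-src` policy is meant to block.

```javascript
// Added example: names and sample pages are constructed for illustration.

// Parse a CSP string into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // Per the CSP spec, the first occurrence of a directive wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Assumes http-equiv precedes content and content is double-quoted, as on this page.
function extractMetaCsp(html) {
  const re = /<meta\s+http-equiv=["']Content-Security-Policy["']\s+content="([^"]*)"/i;
  const m = re.exec(html);
  return m ? m[1] : null;
}

// Return a list of findings; an empty list means script loading is restricted.
function auditCsp(html) {
  const policy = extractMetaCsp(html);
  if (policy === null) return ['no-csp'];
  const directives = parseCsp(policy);
  // script-src falls back to default-src when it is absent.
  const scriptSrc = directives.get('script-src') || directives.get('default-src');
  if (!scriptSrc) return ['scripts-unrestricted'];
  const src = scriptSrc.map((s) => s.toLowerCase());
  const findings = [];
  if (src.includes("'unsafe-eval'")) findings.push('unsafe-eval');
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is also present.
  const hasNonceOrHash = src.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (src.includes("'unsafe-inline'") && !hasNonceOrHash) findings.push('unsafe-inline');
  if (src.some((s) => ['*', 'http:', 'https:'].includes(s))) findings.push('broad-source');
  return findings;
}

// Constructed sample pages: the two policies from this page, plus weaker variants.
const meta = (csp) => `<head><meta http-equiv="Content-Security-Policy" content="${csp}"></head>`;
const samples = {
  scriptSelf: meta("script-src 'self'"),
  defaultSelf: meta("default-src 'self'"),
  relaxed: meta("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"),
  noScriptRule: meta("img-src 'self'"),
  missing: '<head><title>app</title></head>',
};
for (const [name, html] of Object.entries(samples)) console.log(name, auditCsp(html));
```

Run it with `node` against each HTML file the app loads locally; a policy that sets only non-script directives such as `img-src` leaves scripts unrestricted because there is no `default-src` to fall back to.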