Security warning in the console of BrowserWindow (electron ^9.2.0)
webFrame.executeJavaScript and contextIsolation
Add the following setting to your BrowserWindow in main.js:
webPreferences: { worldSafeExecuteJavaScript: true, contextIsolation: true }
For reference, see:
- https://www.electronjs.org/docs/api/browser-window#class-browserwindow
Insecure Content-Security-Policy
Add the following to the head of your index.html and any other HTML pages if you are loading locally:
<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
For reference, see:
- https://www.electronjs.org/docs/tutorial/security#6-define-a-content-security-policy
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
First add a CSP policy, like this one:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
This may break some scripts, but it's better to do this. Also, you can enable unsafe-inline.
- See Electron's security recommendations
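
An added example, not part of either answer above and not Electron's own code: a small JavaScript audit of the script-related part of a CSP string, covering the two meta-tag policies on this page and the `script-src` to `default-src` fallback. The function names `parseCsp` and `auditScriptPolicy` and the extra sample policies are assumptions constructed for illustration.

```javascript
// Added example. parseCsp / auditScriptPolicy are hypothetical helper names.

// Split "default-src 'self'; img-src *" into { 'default-src': ["'self'"], ... }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Return findings about script loading; an empty array means nothing was flagged.
function auditScriptPolicy(policy) {
  const d = parseCsp(policy || '');
  // script-src falls back to default-src when it is absent.
  const sources = d['script-src'] || d['default-src'];
  if (!sources) return ['no script-src or default-src: scripts are unrestricted'];
  const lower = sources.map((s) => s.toLowerCase());
  const findings = [];
  // Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic' is present.
  const strictDynamic = lower.includes("'strict-dynamic'");
  const nonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  if (lower.includes("'unsafe-inline'") && !nonceOrHash && !strictDynamic) {
    findings.push("'unsafe-inline' allows inline <script> and event handlers");
  }
  if (lower.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval' allows eval() and new Function()");
  }
  // Host and scheme sources are ignored under 'strict-dynamic', so skip them then.
  const broad = ['*', 'http:', 'https:', 'data:'];
  if (!strictDynamic && lower.some((s) => broad.includes(s))) {
    findings.push('wildcard or scheme-only source allows scripts from arbitrary origins');
  }
  return findings;
}

// The first two policies are from this page; the rest are constructed samples.
for (const p of ["script-src 'self'", "default-src 'self'",
                 "default-src 'self' 'unsafe-inline'", "img-src 'self'"]) {
  console.log(JSON.stringify(p), '->', auditScriptPolicy(p));
}
```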