I want my application to have maximum Electron security, except I need "webSecurity": false.
Like this:
mainWindow = new BrowserWindow({
    show: false,
    width: 1500,
    height: 1600,
    "webPreferences": {
        "nodeIntegration": false,
        "contextIsolation": true,
        "sandbox": true,
        "webSecurity": false
    }
});
Unfortunately this boilerplate template seems to not run without nodeIntegration true, contextIsolation false and sandbox false. Is that right?
I am getting "Uncaught ReferenceError: process is not defined" when I turn these security settings on.
As advised here https://www.blackhat.com/docs/us-17/thursday/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
and
https://electron.atom.io/docs/api/browser-window/
Am I correct to understand this electron-react-boilerplate project is NOT focused on security?
Hey @bootrino, I'm pretty sure most of those preferences don't work well in Electron. The API page says sandbox and contextIsolation are experimental and also:
"a sandboxed renderer does not have a Node.js environment running (with the exception of preload scripts) and the renderers can only make changes to the system by delegating tasks to the main process via IPC"
So I really think you won't be lucky with those preferences in a boilerplate which isn't totally focused on security.
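
The delegation model quoted in the reply above (no Node.js in a sandboxed renderer, work handed to the main process over IPC through a preload script), shown as an added example that is not part of the original thread or of electron-react-boilerplate. The channel names, the "appBridge" key, the settings object and the trusted URL are assumptions; the Electron modules are passed in as parameters so the same code can be wired to `require('electron')` in a real app.

```javascript
// Added example. The channel names, the "appBridge" key and the settings
// object are hypothetical; Electron's ipcMain, ipcRenderer and contextBridge
// are passed in so the logic can also be exercised outside Electron.

const ALLOWED_SETTINGS = new Set(['theme', 'language']);

// True only when the calling frame is the app's own page (hash/query ignored).
function isTrustedSender(event, trustedUrl) {
  try {
    const u = new URL(event.senderFrame.url);
    u.hash = '';
    u.search = '';
    return u.href === trustedUrl;
  } catch {
    return false; // missing frame or unparsable URL
  }
}

// Main process: registerMainHandlers(require('electron').ipcMain, settings, url)
function registerMainHandlers(ipcMain, settings, trustedUrl) {
  const guard = (fn) => (event, ...args) => {
    if (!isTrustedSender(event, trustedUrl)) throw new Error('untrusted sender');
    return fn(...args);
  };
  // The renderer has no `process`, so main answers on its behalf.
  ipcMain.handle('app:get-platform', guard(() => process.platform));
  ipcMain.handle('app:read-setting', guard((key) => {
    if (typeof key !== 'string' || !ALLOWED_SETTINGS.has(key)) {
      throw new Error('setting not allowed');
    }
    return settings[key];
  }));
}

// Preload script: exposeBridge(contextBridge, ipcRenderer), both from
// require('electron'). The page gets two functions, never ipcRenderer itself.
function exposeBridge(contextBridge, ipcRenderer) {
  contextBridge.exposeInMainWorld('appBridge', {
    getPlatform: () => ipcRenderer.invoke('app:get-platform'),
    readSetting: (key) => ipcRenderer.invoke('app:read-setting', key),
  });
}
```

Renderer code that previously read `process.platform` would call `window.appBridge.getPlatform()` instead, which returns a promise resolved by the main process.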