Merge branch 'wiederkehr-feature/disable-web-security' into development

README.md

@@ -230,6 +230,13 @@ If this flag is passed, it will not override the user agent.
 ```
 Forces the packaged app to ignore certificate errors.
 
+#### [disable-web-security]
+
+```
+--disable-web-security
+```
+Forces the packaged app to ignore web security errors.
+
 ## Programmatic API
 
 You can use the Nativefier programmatic API as well.
@@ -260,6 +267,7 @@ var options = {
     showMenuBar: false,
     userAgent: null,
     insecure: false,
+    disableWebSecurity: false,
     honest: false
 };
 

app/src/components/mainWindow/mainWindow.js

@@ -36,6 +36,7 @@ function createMainWindow(options, onAppQuit, setDockBadge) {
             plugins: true,
             // node globals causes problems with sites like messenger.com
             nodeIntegration: false,
+            webSecurity: !options.disableWebSecurity,
             preload: path.join(__dirname, 'static', 'preload.js')
         },
         // after webpack path here should reference `resources/app/`

src/build/buildApp.js

@@ -39,7 +39,7 @@ function changeAppPackageJsonName(appPath, name) {
 /**
  * Only picks certain app args to pass to nativefier.json
  * @param options
- * @returns {{name: (*|string), targetUrl: (string|*), counter: *, width: *, height: *, showMenuBar: *, userAgent: *, nativefierVersion: *, insecure: *}}
+ * @returns {{name: (*|string), targetUrl: (string|*), counter: *, width: *, height: *, showMenuBar: *, userAgent: *, nativefierVersion: *, insecure: *, disableWebSecurity: *}}
  */
 function selectAppArgs(options) {
     return {
@@ -51,7 +51,8 @@ function selectAppArgs(options) {
         showMenuBar: options.showMenuBar,
         userAgent: options.userAgent,
         nativefierVersion: options.nativefierVersion,
-        insecure: options.insecure
+        insecure: options.insecure,
+        disableWebSecurity: options.disableWebSecurity
     };
 }
 

src/cli.js

@@ -29,6 +29,7 @@ if (require.main === module) {
         .option('-u, --user-agent <value>', 'set the user agent string for the app')
         .option('--honest', 'prevent the nativefied app from changing the user agent string to masquerade as a regular chrome browser')
         .option('--insecure', 'ignore certificate related errors')
+        .option('--disable-web-security', 'enable loading of insecure content, defaults to false')
         .parse(process.argv);
 
     if (!process.argv.slice(2).length) {

src/options/optionsMain.js

@@ -46,7 +46,8 @@ function optionsFactory(inpOptions, callback) {
         height: inpOptions.height || 800,
         showMenuBar: inpOptions.showMenuBar || false,
         userAgent: inpOptions.userAgent || getFakeUserAgent(),
-        insecure: inpOptions.insecure || false
+        insecure: inpOptions.insecure || false,
+        disableWebSecurity: inpOptions.disableWebSecurity || false
     };
 
     if (inpOptions.honest) {