mirror of
https://github.com/Llewellynvdm/nativefier.git
synced 2024-11-13 16:46:26 +00:00
ca7d25f432
Copy-pastaing details from [Electron 12 breaking changes](https://www.electronjs.org/docs/latest/breaking-changes#planned-breaking-api-changes-120): > ### Default Changed: `contextIsolation` defaults to `true`[](https://www.electronjs.org/docs/latest/breaking-changes#default-changed-contextisolation-defaults-to-true "Direct link to heading") > > In Electron 12, `contextIsolation` will be enabled by default. To restore the previous behavior, `contextIsolation: false` must be specified in WebPreferences. > > We [recommend having contextIsolation enabled](https://www.electronjs.org/docs/latest/tutorial/security#3-enable-context-isolation-for-remote-content) for the security of your application. > > Another implication is that `require()` cannot be used in the renderer process unless `nodeIntegration` is `true` and `contextIsolation` is `false`. > > For more details see: [https://github.com/electron/electron/issues/23506](https://github.com/electron/electron/issues/23506) I find the security drop acceptable, as reverting the new Electron 12 isolation brings us to the previous level of security, and I don't have the time/will to keep the isolation and migrate to the newer better safer thing that Electron >= 12 wants. Co-authored-by: Radomír Polách <rp@t4d.cz> |
||
|---|---|---|
| .. | ||
| inject | ||
| src | ||
| .eslintrc.js | ||
| nativefier.json | ||
| npm-shrinkwrap.json | ||
| package.json | ||
| tsconfig.json | ||
| webpack.config.js | ||