Apply more Electron security best practices #419

Closed
whitphx opened this issue Dec 4, 2022 · 1 comment · Fixed by #445

Comments

@whitphx
Owner

whitphx commented Dec 4, 2022

https://www.electronjs.org/docs/latest/tutorial/security

@whitphx
Owner Author

whitphx commented Dec 15, 2022

Currently...

    1. Disable NodeIntegration: ✅ (default since Electron 5.0.0)
    1. Context Isolation: ✅ (default since Electron 12.0.0)
    1. Process Sandboxing
    1. Handle session permission requests from remote content
    1. Do not disable webSecurity: ✅ (default)
    1. Define a Content Security Policy: ✅ (done at fix/desktop csp #408, fix/desktop csp #424, etc.)
    1. Do not enable allowRunningInsecureContent: ✅ (default)
    1. Do not enable experimental features: ✅ (default)
    1. Do not use enableBlinkFeatures: ✅ (default)
    1. Do not use allowpopups for WebViews: ✅ (default)
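
The `webPreferences` items in the checklist above, together with the two items it leaves unchecked (process sandboxing and session permission requests), as an added example that is not part of the original comment or the project's code. The function names, the allowlist shape and the sample config are assumptions; `setPermissionRequestHandler` and the `webPreferences` keys are Electron's own.

```javascript
// Added example: plain Node.js, no Electron import needed to run it.
// [key, value the checklist expects, whether the list above marks it as a default]
const RULES = [
  ['nodeIntegration', false, true],
  ['contextIsolation', true, true],
  ['sandbox', true, false], // not marked as a default above: must be set explicitly
  ['webSecurity', true, true],
  ['allowRunningInsecureContent', false, true],
  ['experimentalFeatures', false, true],
  ['enableBlinkFeatures', undefined, true],
];

// Returns one finding per webPreferences key that departs from the checklist.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const [key, expected, isDefault] of RULES) {
    const isSet = Object.prototype.hasOwnProperty.call(prefs, key);
    if (!isSet) {
      if (!isDefault) findings.push(`${key}: not set, expected ${expected}`);
    } else if (prefs[key] !== expected) {
      findings.push(`${key}: ${JSON.stringify(prefs[key])}, expected ${expected}`);
    }
  }
  return findings;
}

// Deny-by-default handler for session permission requests.
// `allowed` (assumed shape): Map of origin -> Set of permission names.
function installPermissionHandler(session, allowed) {
  session.setPermissionRequestHandler((webContents, permission, callback) => {
    let origin = null;
    try {
      origin = new URL(webContents.getURL()).origin;
    } catch {
      // Unparseable URL: origin stays null and the request is denied.
    }
    const perms = allowed.get(origin);
    callback(Boolean(perms && perms.has(permission)));
  });
}

// Constructed sample: a window config that re-enables Node integration.
console.log(auditWebPreferences({ nodeIntegration: true, webSecurity: false }));
```

In an Electron main process, pass `session.defaultSession` to `installPermissionHandler` and run the audit over the object given as `webPreferences` to `new BrowserWindow(...)`.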
