fix: Disable Electron remote module (#554)

* fix: Disable Electron remote module

* Remove duplicate

packages/fether-electron/src/main/app/options/config/index.js

@@ -143,6 +143,10 @@ const SECURITY_OPTIONS = {
      * Reference: https://electronjs.org/docs/tutorial/security
      */
     devTools: !IS_PROD,
+    /**
+     * Disable Electron's remote module.
+     */
+    enableRemoteModule: false,
     /**
      * `nodeIntegration` when enabled allows the software to use Electron's APIs
      * and gain access to Node.js. It must be disabled to restricting access to
@@ -173,7 +177,6 @@ const SECURITY_OPTIONS = {
      * Reference: https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
      */
     sandbox: true, // Do not set to false. Run electron with `electron --enable-sandbox` to sandbox all BrowserWindow instances
-    enableRemoteModule: true, // Remote is required in fether-react parityStore.js
     // Enables same origin policy to prevent execution of insecure code. Do not set to false
     webSecurity: true,
     allowRunningInsecureContent: false, // Do not set to true

packages/fether-electron/static/preload.js

@@ -17,10 +17,10 @@
  * https://github.com/electron/electron/issues/13130
  */
 
-const { ipcRenderer, remote } = require('electron');
+const { ipcRenderer } = require('electron');
 
 const RENDERER_ORIGIN =
-  remote.getGlobal('IS_PROD') === true ? 'file://' : 'http://localhost:3000';
+  process.env.NODE_ENV === 'development' ? 'http://localhost:3000' : 'file://';
 
 /**
  * Handler that receives an IPC message from the main process, and passes it