Unverified Commit c8138b26 authored by Amaury Martiny's avatar Amaury Martiny Committed by GitHub
Browse files

fix: Disable Electron remote module (#554)

* fix: Disable Electron remote module

* Remove duplicate
parent 7cdce3b5
Pipeline #50791 passed with stages
in 14 minutes and 38 seconds
......@@ -143,6 +143,10 @@ const SECURITY_OPTIONS = {
* Reference: https://electronjs.org/docs/tutorial/security
*/
devTools: !IS_PROD,
/**
* Disable Electron's remote module.
*/
enableRemoteModule: false,
/**
* `nodeIntegration` when enabled allows the software to use Electron's APIs
* and gain access to Node.js. It must be disabled to restricting access to
......@@ -173,7 +177,6 @@ const SECURITY_OPTIONS = {
* Reference: https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
*/
sandbox: true, // Do not set to false. Run electron with `electron --enable-sandbox` to sandbox all BrowserWindow instances
enableRemoteModule: true, // Remote is required in fether-react parityStore.js
// Enables same origin policy to prevent execution of insecure code. Do not set to false
webSecurity: true,
allowRunningInsecureContent: false, // Do not set to true
......
......@@ -17,10 +17,10 @@
* https://github.com/electron/electron/issues/13130
*/
const { ipcRenderer, remote } = require('electron');
const { ipcRenderer } = require('electron');
const RENDERER_ORIGIN =
remote.getGlobal('IS_PROD') === true ? 'file://' : 'http://localhost:3000';
process.env.NODE_ENV === 'development' ? 'http://localhost:3000' : 'file://';
/**
* Handler that receives an IPC message from the main process, and passes it
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment