Commit d0ae2071 authored by Luke Schoen, committed by Amaury Martiny

fix: Relates to #124. Security (#451)

* feat: Security aspects for fether-electron. See #124

* feat: Add Source Maps support

* docs: Add Source Maps guide to Readme

* feat: Add webpack-build-notifier add-on with custom Webpack config

* fix: Remove duplicate dependency

* WIP

* WIP

* review-fix: Configure CSP depending on NODE_ENV

* fix: Fix worker-src for the camera in production

* review-fix: Remove unnecessary config of source maps dependency

* Use preload script as buffer between main and renderer processes (#463)

* fix: Remove is-electron since now using preload script

* fix: Remove old preload script

* fix: Do not expose electron, remote, or require to web app

* fix: Add newline

* feat: Single Fether instance lock

* fix: Move preload to static folder so works with binary

* review-fix: Remove fix for webview since not used. Add comment in case used in future. Fix other event handling code

* review-fix: Add optional opt-in to using Webpack notifier plugin by running with NOTIFIER=true yarn start

* review-fix: Use pino.debug instead of console.log

* review-fix: Add worker-src blob to CSP in development for webcam

* review-fix: Update handling of untrusted urls and sessions and certificates

* review-fix: Convert to WSS. Move CSP into array like in Parity-JS Shell. Update CSP

* review-fix: Update CSP to avoid duplication

* review-fix: Remove from new-window event listener that which applies to additional new BrowserWindows since not applicable

* review-fix: Combined pino logs

* review-fix: Change to parsedUrl.href instead of origin. Fix trusted urls for dev

* fix: Remote https 127.0.0.1 in prod

* review-fix: Move WebpackBuildNotifier images so not in binary. Fix ico file

* fix: Remove console.logs

* refactor: Cleanup so can merge. Extract for inclusion in separate PR

* review-fix: Remove debugging notes since better in wiki

* review-fix: Remove other lines due to move to wiki

* fix comment

* review-fix: Remove setPermissionRequestHandler since not know if need. Move to https://hackmd.io/O1FA34BuSNyJoPV1Cu3L0A

* review-fix: Move CSP debugging into onHeadersReceived

* review-fix: Fix isParityRunningStatus

* review-fix: Replace parse-url with Node.js url parser

* review-fix: Remove parse-url from dependencies

* fix: Fix logic in setCertificateVerifyProc

* WIP

* review-fix: Dynamically add WS port from CLI to trusted

* review-fix: Update comments with security warnings

* merge latest from master and fix conflicts

* chore: Remove useless console.log

* misc: See commit details

* Remove --ws-origins from CLI, hard-code instead
* Remove --ws-interface from CLI, hard-code instead
* Ignore --ws-interface and --ws-origins flags in CLI
* Add hard-coded default trusted WS interface to window.bridge
* Add default WS port to window.bridge

* WIP - start implementing isDev. See FIXME for future work required

* review-fix: Use appIsPackaged instead of NODE_ENV

* fix: Add IS_PROD to constants and assign appIsPackaged to it. Expose it to frontend so no longer use NODE_ENV

* feat: Add wiki Fether FAQ to trusted urls since required by PR #482

* fix: Fix untrusted blockscout.com error in setCertificateVerifyProc

* review-fix: fix blocked image hosting and external blockscout urls

* review-fix: trust github token icons

* review-fix: Rename network to fetherNetwork so custom config avoids naming conflict

* review-fix: Remove duplicate pino.debug for CSP

* review-fix: Remove WsSecure until wss and certificates implemented

* review-fix: Update config to show Electron security warnings in all environments

* review-fix: Remove use of wsInterface

* refactor: Refactor tests inside describe blocks

* tests: Add chrome dev tools to tests for trusted urls

* review-fix: Use NODE_ENV and Electron app.isPackaged

* fix: Rebuild yarn.lock

* fix: Fix linting to arg passed to correct script

* review-fix: Remove ws-origins flag and trusted ws origins

* test: Fix failing test

* review-fix: Remove package-lock.json

* fix: Use NODE_ENV consistently instead of process.defaultApp

* fix: Change to hash instead of transactionHash for blockscout

Parent: 51797f9a
Pipeline #35114 passed with stages in 13 minutes and 45 seconds