feat: Add electron security to disallow permission (#541)

* feat: Add electron security to disallow permission * Fix lint?

feat: Add electron security to disallow permission (#541)
* feat: Add electron security to disallow permission * Fix lint?
fb0d9f88 · Amaury Martiny · GitHub · cc413f86 · fb0d9f88
Unverified Commit fb0d9f88 authored Aug 30, 2019 by Amaury Martiny Committed by GitHub Aug 30, 2019
--- a/packages/fether-electron/src/main/app/methods/setupRequestListeners.js
+++ b/packages/fether-electron/src/main/app/methods/setupRequestListeners.js
@@ -15,6 +15,22 @@ function setupRequestListeners (fetherApp) {
    return messages(fetherApp, ...args);
  });

+  // Electron security guideline
+  // Handle Session Permission Requests From Remote Content
+  // https://electronjs.org/docs/tutorial/security#4-handle-session-permission-requests-from-remote-content
+  session.defaultSession.setPermissionRequestHandler(
+    (_webContents, permission, reqCallback) => {
+      // Only allow camera
+      if (permission === 'media') {
+        reqCallback(true);
+
+        return;
+      }
+
+      reqCallback(false);
+    }
+  );
+
  // WS calls have Origin `file://` by default, which is not trusted.
  // We override Origin header on all WS connections with an authorized one.
  session.defaultSession.webRequest.onBeforeSendHeaders(